Upcoming Changes to Cyber Essentials – April 2025

Guernsey, Jersey
9th October 2024
Information Security

Upcoming Cyber Essentials Updates Effective April 2025: What You Need to Know

With updates to the Cyber Essentials scheme scheduled for April 2025, it’s important to start preparing now to ensure your business remains compliant.

We are here to guide you through these changes, ensuring you’re fully equipped to meet the updated requirements and achieve your Cyber Essentials certification. Read on for a summary of the key changes and how they could impact your certification journey.

Preparing for the April 2025 Cyber Essentials Update

While the next annual update to the Cyber Essentials scheme won’t go live until April 2025, we want to make sure you are well-prepared ahead of time. The new changes will affect all applications started on or after 28 April 2025, and we are ready to support you in understanding and implementing the updates.

We encourage you to review the latest documents and take advantage of our expert guidance on the new requirements. You can access the relevant documentation here:

Why Cyber Essentials Requirements Change – and Why You Should Stay Updated

Cyber Essentials is a government-approved scheme designed to protect your organisation from the most common cyber threats through five key technical controls. Achieving this certification demonstrates to your clients, partners, and stakeholders that your business has the essential cyber security measures in place to safeguard sensitive data.

To remain effective in the face of ever-evolving cyber threats, Cyber Essentials is regularly reviewed and updated by a team of experts. The major overhaul in January 2022 reflected the significant changes brought about by the rapid digital transformation during the Covid-19 pandemic. Now, as technology continues to advance at a rapid pace, it’s essential to keep your certification up to date and relevant.

Our team is on hand to ensure you’re always aligned with these changes and able to achieve certification smoothly.

What to Expect in the April 2025 Cyber Essentials Update

The April 2025 changes to the Cyber Essentials Requirements for IT Infrastructure document (Version 3.2) are relatively minor, but it’s important to understand them fully to avoid any issues with your certification.

  • Terminology updates: The term ‘plugins’ will be replaced with ‘extensions’ for improved clarity in software definitions.
  • Remote working terminology: The term ‘home working’ will be updated to ‘home and remote working’. This acknowledges that employees may work in various untrusted environments, such as cafés, hotels, and other public spaces, beyond just the home.

We’re here to help you implement these changes within your organisation to ensure your systems meet the updated requirements.

Supporting You with Passwordless Authentication

One key area where we can offer support is the growing adoption of passwordless authentication. With passwords often being reused, forgotten, or stolen, passwordless technology provides a more secure method for user access.

The new Cyber Essentials requirements will recognise passwordless authentication as a valid method for securing access. While passwords have traditionally been the default form of authentication, the move towards passwordless technology offers enhanced security by using other factors, such as biometrics or digital certificates.

Some examples of passwordless authentication methods include:

  • Biometric authentication: Fingerprints, facial recognition, or other biological traits.
  • Security keys or tokens: Physical devices like USB security keys or smart cards.
  • One-time codes: Temporary codes sent via SMS, email, or mobile apps.
  • Push notifications: Approval prompts sent to your smartphone for login attempts.

Our team can help you assess which passwordless options are best suited to your organisation, ensuring you meet the updated Cyber Essentials requirements. We will guide you in implementing these methods effectively, so your business can embrace this more secure form of authentication with confidence.

Vulnerability Fixes – Staying Secure with Our Expertise

Another significant change in the April 2025 update relates to patching and updates. The previous term ‘patches and updates’ will be replaced by ‘vulnerability fixes’, which includes a wider range of methods to address software vulnerabilities.

Our experienced assessors will ensure your organisation understands and implements the new approach to vulnerability fixes, which includes patches, registry fixes, configuration changes, and scripts provided by vendors.

We will support you through the entire process of ensuring that your systems are secured with the appropriate fixes, making sure that your organisation remains protected against known vulnerabilities in line with Cyber Essentials requirements.

Upcoming Changes to the Cyber Essentials Plus Test Specification

If you are aiming for Cyber Essentials Plus certification, there will be some adjustments to the Cyber Essentials Plus Test Specification document that you should be aware of. These changes are designed to provide greater clarity and rigour to the testing process.

The updates include:

  • Removal of the term ‘illustrative’ from the Cyber Essentials Plus Test Specification document title.
  • Ensuring the scope of your Cyber Essentials Plus assessment matches the self-assessment scope, which will be verified by your assessor.
  • If your Cyber Essentials self-assessment doesn’t cover the whole organisation, our assessors will ensure that any subsets of your infrastructure are properly segregated.
  • Verifying that your device sample size is calculated correctly, using the IASME-approved method.
  • Retaining all verification evidence for the duration of the certificate.

As a certification body, we have the expertise to guide you through these testing requirements, making sure you’re fully prepared and compliant when the new standards come into effect.

We’re Here to Help You Achieve Certification

We understand that staying on top of evolving cyber security requirements can be challenging. As your trusted certification body, we are here to support you every step of the way, ensuring you understand the changes, prepare for them, and successfully achieve your Cyber Essentials certification.

Whether you are seeking Cyber Essentials or Cyber Essentials Plus certification, we can provide tailored advice and expert guidance to make the process straightforward and stress-free.

Get in touch with us today to learn more about how we can help you stay secure and compliant with the latest Cyber Essentials standards.
