Senior Information Security Consultant, James Ogier, explores the upcoming changes to the Cyber Essentials scheme.
Last year I wrote a piece on the 2022 Cyber Essentials changes, these changes were the biggest update to the scheme since it was first developed in 2014.
Moving into 2023, the NCSC and it’s Cyber Essentials delivery partner, IASME, have made further lighter touch changes and added clarification in the guidance. This latest version, named ‘Montpellier’, replaces the Evendine version and is effective from the 24th April 2023.
Thankfully, there aren’t too many changes to the requirements, here are the key ones you should know about.
Firstly, information relevant to scoping and definitions has been updated, such as clarification on what firmware is included, namely router and firewall firmware. The way that endpoint information is collected has also been updated.