What Are the Latest Changes to the Cyber Essentials Scheme

James Ogier
Author
6th February 2023
Information Security

Senior Information Security Consultant, James Ogier, explores the upcoming changes to the Cyber Essentials scheme.

Last year I wrote a piece on the 2022 Cyber Essentials changes, which were the biggest update to the scheme since it was first developed in 2014.

Moving into 2023, the NCSC and its Cyber Essentials delivery partner, IASME, have made further lighter-touch changes and added clarification in the guidance. This latest version, named ‘Montpellier’, replaces the Evendine version and is effective from the 24th April 2023.

Thankfully, there aren’t too many changes to the requirements. Here are the key ones you should know about.

Firstly, information relevant to scoping and definitions has been updated, such as clarification on what firmware is included, namely router and firewall firmware. The way that endpoint information is collected has also been updated.

There are also references to why asset management is important to a successful cyber security program, which is a key theme in the identify aspect of any well-known security framework.

Next, there’s further clarification around third-party devices and device-unlocking requirements, as well as minor changes to the malware protection section, which now officially supports next-generation endpoint protection solutions, such as SentinelOne.

The NCSC Cyber Essentials Requirements for Infrastructure has been updated to reflect the latest changes in the scheme.

Whilst Cyber Essentials is a relatively straightforward and proportionate first step for organisations wanting to prove that they take cyber security seriously, it’s important to build upon this and seek certification to Cyber Essentials Plus, or the IASME Cyber Assurance standards. Quite simply, Cyber Essentials is just that, the essentials! Having Cyber Essentials is not enough on its own to meet the requirements of the GFSC Cyber Rules and Guidance, for example, but it’s a great start!

Resolution IT are currently helping to raise the bar across the islands and offering free gap analyses for Cyber Essentials certification and a discount for Cyber Essentials Plus readiness checks, so if your organisation isn’t Cyber Essentials certified, now is the time.


James Ogier

James has worked at Resolution IT for 7 years, after a period in the aviation industry.

With a keen interest in security, specifically auditing and IT governance, he is well placed to advise clients in best practice, guiding them through their cyber security journey.

James has earned the ISC2 SSCP (Systems Security Certified Practitioner) and is able to certify organisations to the Cyber Essentials and IASME governance standards. He also holds Microsoft MCSA Windows 8 and 10 certifications, CompTIA A+, Network+ and Security+ accreditations, as well as being a Certified ISO 27001 ISMS Lead Implementer.

A highlight for James is working closely with clients to fully understand their business requirements in order to safeguard their organisation as much as possible.
