What Are the Latest Changes to the Cyber Essentials Scheme

Guernsey
6th February 2023
Information Security

What Are the Latest Changes to the Cyber Essentials Scheme

Senior Information Security Consultant, James Ogier, explores the upcoming changes to the Cyber Essentials scheme.

Last year I wrote a piece on the 2022 Cyber Essentials changes, these changes were the biggest update to the scheme since it was first developed in 2014.

Moving into 2023, the NCSC and it’s Cyber Essentials delivery partner, IASME, have made further lighter touch changes and added clarification in the guidance. This latest version, named ‘Montpellier’, replaces the Evendine version and is effective from the 24th April 2023.

Thankfully, there aren’t too many changes to the requirements, here are the key ones you should know about.

Firstly, information relevant to scoping and definitions has been updated, such as clarification on what firmware is included, namely router and firewall firmware. The way that endpoint information is collected has also been updated.

There are also references to why asset management is important to a successful cyber security program, which is a key theme in the identify aspect of any well-known security framework.

Next, there’s further clarification around third-party devices and device-unlocking requirements, as well as minor changes to the malware protection section, which now officially facilitates support of next generation endpoint protection solutions, such as SentinelOne.

The NCSC Cyber Essentials Requirements for Infrastructure has been updated to reflect the latest changes in the scheme.

Whilst Cyber Essentials is a relatively straightforward and proportionate first step for organisations wanting to prove that they take cyber security seriously, it’s important to build upon this and seek certification to Cyber Essentials Plus, or the IASME Cyber Assurance standards. Quite simply, Cyber Essentials is just that, the essentials! Having Cyber Essentials is not enough on its own to meet the requirements of the GFSC Cyber Rules and Guidance, for example, but it’s a great start!

Resolution IT are currently helping to raise the bar across the islands and offering free gap analyses for Cyber Essentials certification and a discount for Cyber Essentials Plus readiness checks, so if your organisation isn’t Cyber Essentials certified, now is the time.

Find out more here.

Career opportunities

If you’re looking for your next career move and seeking opportunities offering professional development, rewards and success, then come and talk to us at Resolution IT.

Ready to begin a partnership with us?

Contact Form

"*" indicates required fields

We'd love to hear from you

Whether you're interested in IT support, transformation projects or cyber security, start a conversation to discover how we can help your business succeed.
This field is for validation purposes and should be left unchanged.