Skip to the content

Follow us @UKAuthority

NCSC to update Cyber Essentials requirements

01/12/21

Mark Say Managing Editor

Share

The National Cyber Security Centre (NCSC) is planning to update the technical controls of its Cyber Essentials scheme in the new year.

Cyber lock on binary code

It has indicated that it will introduce an updated set of requirements on 24 January in what it described as the biggest overhaul since the scheme was launched in 2014.

This comes in response to the further evolution of cyber threats and points towards a more regular review of the technical controls in the future.

Cyber Essentials is a list of requirements, backed by the UK Government, for organisations to defend against the most common threats. Certification is intended to provide a degree of assurance that an organisation is well protected.

The IASME Consortium, the NCSC’s delivery partner for the scheme, has provided an outline of the changes which includes: bringing home working devices but not routers into scope; using multi-factor authentication for access to cloud services; applying all high and critical updates within 14 days and removing unsupported software; and following guidance on backing up important data.

Two new tests have also been added: one to confirm account separation between user and administration accounts; the other to confirm multi-factor authentication is required for access to cloud services.

Organisations using the current standard will have six months to complete the new assessment to retain their certification.

IASME said there will be a grace period of one year to allow organisations to make changes around multi-factor authentication, thin clients and security updates. It added that further guidance will soon be made available.

NCSC said the Cyber Essentials Readiness tool to help organisations prepare for certification will also be updated.

Dramatic changes

“The way we work has changed dramatically over a short period of time,” it said. “The speed of the digital transformation and the adoption of cloud services are driving factors here, as well as the move to home and hybrid working, accelerated by the Covid-19 pandemic, which is now routine for many people.

“The refresh of Cyber Essentials reflects these changes and also signals a more regular review of the scheme’s technical controls.”

Image from iStock, Temniy

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.