Next month Cyber Essentials (CE) will see its latest refinement. The updated technical requirements for v3.3 are provided on the NCSC website. The update is more an evolution than a revolution and provides:
• A definition of ‘cloud services’
• A definition for Passwordless Authentication includes FIDO2
• A definitive statement that cloud services cannot be excluded from scope
Whilst still not an actual CE requirement, the NCSC “highly recommend implementing an appropriate backup solution.”
If you’re based in Somerset, Devon or Gloucestershire and are looking for Cyber Essentials advice, guidance or implementation, please get in touch.