Jan 2022 – Cyber Essentials Changes

As of 24 Jan 2022 Cyber Essentials (CE), and consequently CE+ also, have changed. The technical control requirements have been updated to be more Cloud and Multi Factor Authentication (MFA) aware, and the password requirement has also been updated to align with current NCSC guidance.

For CE+ two new tests have been introduced to verify effective use of MFA and to ensure account separation between day-to-day user accounts and admin accounts. For vulnerability analysis, CE+ is also now more stringent, but with simpler pass/fail criteria.

Checkout the NCSC blog for an overview of the changes.

With the technical changes, NCSC have also introduced a price increase for larger organisations. A sliding scale of charges will still see micro businesses/organisations paying the current £300 assessment charge, but larger businesses/organisations will be charged up to £500. It’s the first price rise in 7 years, but reflects the increased complexity of assessing CE submissions.

If you’re looking to invest in CE/CE+, which NCSC state is “the minimum standard for cyber security” and are located in Bristol, Gloucestershire, Somerset, Devon, or surrounding areas, please contact us.