Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
December 7, 2021


Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

Cyber security

Cyber Essentials receives biggest update to technical controls since launch

The NCSC and IASME are set to implement an updated set of requirements for Cyber Essentials in 2022. This update will be the biggest overhaul of the scheme’s technical controls since it was launched in 2014, and comes in response to the cyber security challenges organisations now regularly face.

The way we work has changed dramatically over a short period of time. The additional risks brought about by rapid digital transformation and the adoption of cloud-based services has been compounded by the move to home-working.

The impending refresh reflects these changes and signals a regular review of the scheme’s technical controls.

The NCSC and IASME recently completed a major technical review of the scheme, the results of which have informed the updated requirements that will soon help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain.

These include revisions around cloud services, as well as home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical experts, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware.

Many of the changes are based on feedback from assessors and applicants, as well as consultation with the Cloud Industry Forum.

To find out more about IASME and the Cyber Essentials scheme, read our interview with IASME CEO, Dr Emma Philpott >>

The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from 24th January 2022.

However, any assessment account that is already active before the 24th January will continue to use the current technical standard. This means that any time and effort already invested will not be wasted.

Such assessments will have six months to complete from the 24th January 2022. In recognition of the extra effort that may be involved for some organisations, there will be a period of grace of up to 12 months for some of the requirements.

To access the new requirements document, click here.

Subscribe to the IFSEC Insider weekly newsletters

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Notify of
Inline Feedbacks
View all comments