Author Bio ▼

IFSEC Global is the online community for the Security and Fire industry. Our market-leading live events span the globe, connecting buyers and sellers.
December 7, 2021

Sign up to free email newsletters

Download

Three essential reasons to upgrade your access control technology

Cyber security

Cyber Essentials receives biggest update to technical controls since launch

The NCSC and IASME are set to implement an updated set of requirements for Cyber Essentials in 2022. This update will be the biggest overhaul of the scheme’s technical controls since it was launched in 2014, and comes in response to the cyber security challenges organisations now regularly face.

The way we work has changed dramatically over a short period of time. The additional risks brought about by rapid digital transformation and the adoption of cloud-based services has been compounded by the move to home-working.

The impending refresh reflects these changes and signals a regular review of the scheme’s technical controls.

The NCSC and IASME recently completed a major technical review of the scheme, the results of which have informed the updated requirements that will soon help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain.

These include revisions around cloud services, as well as home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical experts, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware.

Many of the changes are based on feedback from assessors and applicants, as well as consultation with the Cloud Industry Forum.


To find out more about IASME and the Cyber Essentials scheme, read our interview with IASME CEO, Dr Emma Philpott >>


The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from 24th January 2022.

However, any assessment account that is already active before the 24th January will continue to use the current technical standard. This means that any time and effort already invested will not be wasted.

Such assessments will have six months to complete from the 24th January 2022. In recognition of the extra effort that may be involved for some organisations, there will be a period of grace of up to 12 months for some of the requirements.

To access the new requirements document, click here.

Subscribe to the IFSEC Global weekly newsletter

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Global's essential weekly newsletter. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments