Cyber Essentials technical requirements updated for April 2023

23 Jan 2023 02:21 PM

Part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats.

In April 2023, the NCSC and its Cyber Essentials delivery partner IASME will update the technical requirements for Cyber Essentials. This update is part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats.

After a major update last year – the biggest update to the scheme since it was first set up in 2014 – the 2023 update will be lighter touch, providing a number of clarifications, alongside some important new guidance. This includes:

All these changes are based on feedback from assessors and applicants, and have been made in consultation with technical experts from the NCSC. As well as the updated requirements and new question set, IASME are also providing more guidance documents to help applicants during the certification process. This includes articles to help applicants understand the questions, as well as access to a dedicated knowledge base. These resources will become available over the coming months.

This latest update (version 3.1) will take effect from 24 April 2023. This means all applications started on or after this date will use the new requirements and question set. For more information, please see this IASME blog which provides more details on the changes. An updated set of FAQs is also available on the NCSC website.