Cyber Essentials & Cyber Essentials Plus

Get UK Government-backed certification to protect your organisation, win contracts, and demonstrate cyber resilience.

Cyber Essentials & Cyber Essentials Plus Certification

Protect your organisation from common cyber threats and demonstrate your commitment to security with Cyber Essentials or Cyber Essentials Plus certification — the UK Government-backed cyber security standard.

We guide organisations through the entire certification process, from readiness and remediation to successful assessment and future re-certification.

What is Cyber Essentials?

Cyber Essentials is a UK Government-backed certification scheme, delivered through IASME and CREST, designed to help organisations protect themselves against the most common cyber attacks.

It provides a clear framework for improving cyber security and is often a requirement for:

  • UK Government contracts
  • Public sector supply chains
  • Organisations handling sensitive or personal data

The technical requirements were most recently updated in April 2023 to reflect modern threats, remote working practices, and evolving technologies.

The Two Levels of Cyber Essentials

Cyber Essentials (Level 1)

Cyber Essentials is a self-assessment certification that verifies your organisation
has implemented five essential cyber security controls.

Best suited for:

  • SMEs and growing organisations
  • Businesses bidding for baseline cyber assurance contracts
  • Organisations starting their cyber security journey

The Five Core Controls

  • Secure configuration – Secure system setup
  • Firewalls & gateways – Control network traffic
  • User access control – Least-privilege access
  • Malware protection – Prevent malicious software
  • Patch management – Keep systems up to date

Cyber Essentials Plus (Level 2)

Cyber Essentials Plus includes all Level 1 requirements, plus an independent
technical assessment by an accredited assessor.

Includes:

  • External vulnerability testing
  • Internal testing of user devices
  • Verification of controls in practice

Typically required if you:

  • Supply the UK Government or MOD
  • Work in regulated or high-risk sectors
  • Require higher assurance for tenders

Not currently mandatory for G-Cloud or the Digital Services Framework.

Related Downloads

Cyber Essentials

For more information about Cyber Essentials download our service leaflet.

Cyber Essentials Plus

For more information about Cyber Essentials Plus, download our service leaflet.

Get Started with Cyber Essentials

Contact Us

© 2026 Advent IM Limited.