Cyber Essentials is a UK Government backed scheme through IASME and CREST to help more cyber secure organisations and businesses promote the fact by the use of a Cyber Essentials badge. The scheme works on two levels:
Level 1 comprises of five basic controls:
- Secure configuration
- Boundary firewalls and internet gateways
- User access and administration management
- Malware protection
- Patch management
Level 2 (Cyber Essentials Plus) which is mandatory for UK Government and MOD suppliers, then a more rigorous assessment is required in addition to Level 1, including internal and external vulnerability assessments. The suppliers and contracts affected are likely to be from the following sectors: IT managed or outsourced services, commercial services, financial services, legal services, HR services and business services. This will not be mandatory for suppliers through G-Cloud or the Digital Services Framework.