Cyber Essentials Scheme

Nettitude is recognised by CREST as a certifying body for the Cyber Essentials scheme.

Our team of highly skilled consultants is able to provide advice and guidance on how to approach the Cyber Essentials scheme. Our pragmatic advice and guidance is tailored to help both public and private sector organisations improve their levels of cyber capability. In addition, we can provide a roadmap on how to achieve certification against both the Cyber Essentials and Cyber Essentials Plus programs.

Looking for Cyber Essentials scheme services?

The UK government has launched the Cyber Essentials scheme to help organisations define and measure basic levels of security hygiene. The scheme defines a series of technical and procedural controls to mitigate the risks associated with cyber threats. By certifying against the Cyber Essentials scheme, organisations are able to demonstrate to their clients, their suppliers, their insurers and to industry regulators that they have undertaken essential precautions in minimising their cyber risk.

The Cyber Essentials scheme has two levels:

Cyber Essentials Stage 1

Stage 1 of Cyber Essentials is based around a self-assessment questionnaire combined with an external vulnerability assessment. The organisation is required to complete a questionnaire that covers some of the basic technical and procedural controls that need to be in place. This questionnaire is then signed off by the organisation's CEO before it is returned to the certifying body. The vulnerability assessment targets externally facing devices at both the network and infrastructure layer. Once a passing vulnerability assessment and self-assessment questionnaire have been completed, the organisation will be validated against stage 1 of the Cyber Essentials program.

Cyber Essentials Plus Stage 2

Once organisations have passed stage 1 of Cyber Essentials they are eligible to apply for stage 2 (Cyber Essentials Plus). At this level, organisations are required to have a series of technical assessments conducted against their infrastructure. These technical assessments include internal vulnerability assessments against servers and a sample of workstations. Once an organisation is able to demonstrate that it has implemented controls to mitigate various attack scenarios, it will be eligible for Cyber Essentials Plus certification.

How can Nettitude help?

Nettitude has been delivering security architecture consulting, vulnerability analysis, penetration testing, risk management and technical security auditing for more than a decade.  Our highly experienced consultants can assist you in defining the scope for Cyber Essentials and provide you with a roadmap for achieving overall certification.  We can provide guidance around technical and procedural controls and provide you with a framework to measure the effectiveness of these controls.

For organisations pursuing stage 2 certification, Nettitude conducts both technical risk assessments and vulnerability assessments to ensure that all elements of the requirements are addressed.  Where gaps exist, Nettitude is able to offer pragmatic advice and guidance on how these gaps can be addressed. Nettitude is able to issue stage 2 (Cyber Essentials Plus) certificates through the CREST accreditation body, once the organisation is able to demonstrate the required levels of cyber hygiene.

When we initially engage with organisations, we undertake a gap analysis to measure the organisation's existing controls against what is required by Cyber Essentials. Having conducted this assessment, we then provide the organisation with a clear roadmap on how to bridge the gaps and reduce the risks associated with a cyber breach. As the organisation moves towards stage 1 certification, Nettitude can provide ongoing guidance and assistance to ensure all elements of the assessment are being catered for. Nettitude is able to assist the organisation in completing the questionnaire and the external vulnerability assessment. As a CREST company, Nettitude is able to issue stage 1 certificates once the organisation is able to demonstrate the required levels of cyber hygiene.
