Cyber Essentials – Grace Period for Technical Controls
The National Cyber Security Council have recently announced they will be extending the date for certification against the 2022 Cyber Essentials Technical Controls.
As you will remember, we announced in January the update to Cyber Essentials and the technical requirements. These updates are required to ensure the scheme remains up to date as the threat landscape and technologies continue to evolve.
As highlighted in the blog, this update was the biggest overhaul since the scheme was introduced. Due to this, the National Cyber Security Council and IASME Consortium recognised that a number of organisations will need to implement additional services when being assessed against the revised Cyber Essentials standard.
Therefore, the initial grace period was 12 months for 3 of the key changes:
- Thin Clients in scope must be supported and receiving security updates
- Unsupported Software is either removed or segregated from scope via a defined sub-set
- User Accounts on Cloud Services must be protected by MFA.
This grace period was due to come to an end in January 2023. However, a recent article from the National Cyber Security Council confirms that this grace period will now be extended until April 2023.
This revised date coincides with the next scheduled update to the Cyber Essentials Technical Requirements, which is understood to focus on a series of clarifications. It will also include vital new guidance on:
- Clarification on firmware – All firmware is currently included in the definition of ‘software’, so must be kept up to date and supported. Due to difficulties with information provided by vendors, this is changing to just router and firewall firmware.
- Third party devices – Further information and a new table clarifying how third-party devices such as contractor or student devices should be treated in applications.
- Device unlocking – A change in this section to mitigate issues around some default settings in devices being unconfigurable. Where that is the case, it is acceptable for applicants to use those default settings.
- Malware protection – Anti-malware software will no longer need to be signature based and clarification has been added around which mechanism is suitable for different types of devices. Sandboxing is being removed as an option.
- Guidance on zero trust architecture in the context of achieving Cyber Essentials and a note on the importance of asset management.
If you’d like to understand how these changes may affect you or you’re looking to achieve Cyber Essentials, speak to a member of the team today: hello@fourtify.co.uk