Download Question Sets & Standards:

Cyber Essentials

IASME Cyber Assurance

IASME Cyber Baseline

Cyber Essentials: Requirements for Infrastructure

The latest version (3.1) of Cyber Essentials Requirements for Infrastructure, released by the National Cyber Security Council (NCSC), can be downloaded in PDF format by clicking here.

Cyber Essentials is a Cyber Security Certification created by the National Cyber Security Council to improve Cyber Resilience.

The Cyber Essentials and Cyber Essentials Plus certifications are focussed on 5 technical controls which, if implemented correctly, can reduce your risk of cyber-attack by 80%.

Cyber Essentials controls:

  • Malware Protection
  • Secure Configuration
  • Patch Management
  • Boundary Firewalls
  • Access Control

NCSC Cyber Essentials Infrastructure Requirements

Cyber Essentials Question Set

To download the latest question set for Cyber Essentials, known as Montpellier, please click here.

The question set covers a broad range of questions focussed around the 5 technical controls: Malware protection, Secure Configuration, Patch Management, Boundary Firewalls and Access Control.

The Montpellier question set comprises a number of questions to which all applicants must respond.

To be successful in certification, applicants can have a maximum of two Major non-compliances.

The question set is also available in Excel format; please speak to the team if you would like a copy.

IASME Cyber Assurance Requirements Standard 6.0

To download the latest question set for Cyber Assurance, known as Hartnell, please click here.

IASME Cyber Assurance is a comprehensive, affordable and flexible cyber security standard providing assurance that the organisation obtaining it has implemented a range of vital cyber security, privacy and data protection measures within their business.

It aligns with the UK Government's 10 Steps to Cyber Security in addition to Data Privacy controls. Cyber Assurance also offers smaller companies within a supply chain a ‘right sized’ approach to demonstrate their level of information security for a realistic cost.

Critical cyber security measures are applied, which include assessing and managing risk, training people and setting practical policies, as well as resilience strategies including Data Backup, Business Continuity Planning and Incident Response. Legal and regulatory requirements are also addressed, such as your country’s implementation of GDPR.

The question set is also available in Excel format; please speak to the team if you would like a copy.

IASME Cyber Assurance Requirements Standard

 

IASME Cyber Assurance Question Set

To download the latest question set for Cyber Assurance, known as Hartnell, please click here.

IASME Cyber Assurance is available in two levels – 1. A verified assessment and 2. An audited assessment.

For Level 1 – verified assessment, organisations access a secure portal to answer around 160 questions about their security. The assessment is marked by Fourtify or another Certification Body and a pass or fail is returned to the organisation.

For Level 2 – audited, an assessor from Fourtify conducts an on-site audit of the controls, processes and procedures covered in the IASME Cyber Assurance standard. The audited version gives a higher level of assurance and is pass or fail. (There are no longer bronze, silver, and gold classifications to achieve.)

The new standard covers 13 themes:

  • Planning Information Security
  • Organisation
  • Information Assets
  • Legal and Regulatory Landscape
  • Assessing and treating Cyber Risk
  • Physical and Environmental Protection
  • People
  • Access Control / Managing Access
  • Technical Intrusion
  • Backup and Restore
  • Secure Business Operations
  • Cyber Resilience – Business Continuity, Incident Management and Disaster Recovery.

The question set is also available in Excel format; please speak to the team if you would like a copy.

 

IASME Cyber Baseline Requirements

To download the latest question set for IASME Cyber Baseline Standard (v1), known as Aylard, please click here.

IASME Cyber Baseline has been designed to provide a comprehensive, affordable, and flexible cyber security standard for organisations outside of the United Kingdom. Providing Level 1 and Level 2 certifications, IASME Cyber Baseline is an international cyber security standard developed to help organisations demonstrate alignment with frameworks such as COBIT and CIS Controls v8.

The IASME Cyber Baseline scheme allows every size of organisation in every sector to start their cyber security journey with simple cyber security measures along 8 themes. As organisations increase their maturity, they may choose to continue developing their security posture towards including the full 13 themes of IASME Cyber Assurance.

The question set is also available in Excel format; please speak to the team if you would like a copy.

 


 

IASME Cyber Baseline Requirements Standard

 


IASME Cyber Baseline Question Set

To download the latest question set for IASME Cyber Baseline, known as Aylard, please click here.

IASME Cyber Baseline is available in two levels – 1. A verified assessment and 2. An audited assessment.

For Level 1 – verified assessment, organisations access a secure portal to answer the assessment's questions about their security. The assessment is marked by Fourtify and a pass or fail is returned to the organisation.

For Level 2 – audited, an assessor from Fourtify conducts an on-site audit of the controls, processes and procedures covered in the IASME Cyber Baseline standard. The audited version gives a higher level of assurance and is pass or fail.

The new standard covers 8 themes:

  • Planning Information Security
  • Organisation
  • Information Assets
  • Legal and Regulatory Landscape
  • Secure Architecture
  • Physical and Environmental Protection
  • People
  • Policy Realisation
  • Managing Access
  • Technical Intrusion
  • Backup and Restore
  • Secure Business Operations
  • Cyber Resilience: Business Continuity, Incident Management and Disaster Recovery.

The question set is also available in Excel format; please speak to the team if you would like a copy.