The Cyber Essentials Scheme is a government-backed security standard, which identifies the security controls an organisation must have in place within their IT systems.
The Cyber Essentials Requirements document sets out the necessary technical controls, whereas the Assurance Framework shows how the independent assurance process works, and the different levels of assessment organisations can apply for to achieve certification.
It also contains guidance for security professionals carrying out the assessments.
There are 5 technical controls required in order to achieve certification:
- Boundary Firewalls
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management