Changes to Cyber Essentials and Cyber Essentials Plus

Changes to Cyber Essentials and Cyber Essentials Plus

28th April 2021 Brigantia

In April every year, IASME provides an update to the Cyber Essentials and Cyber Essentials Plus process for the coming twelve months.  For those of you that are unaware, IASME is the governing body for Cyber Essentials and Cyber Essentials Plus, as instructed by the NCSC.

In this year’s update there are no major changes, but there are several requirement clarifications: these came into effect on the 26th of April 2021. The changes include the following:

  1. There are new definitions for a corporate virtual private network (VPN), organisational data and organisational services.  These definitions assist when applying the requirements for Bring Your Own Device (BYOD).
  2. An update to the Bring Your Own Device (BYOD) requirement to explain what is out of scope.
  3. Clarification on when and where software firewalls are acceptable as the internet boundary.
  4. An update to the security update management control.  This will include automatic updates where possible and clarify the position on updates that do not include details of the level of vulnerabilities that the respective update fixes.

To view these changes please click on the following link, this will take you directly to the full article.

Not currently offering Cyber Essentials or Cyber Essentials Plus?

If you are currently missing out on offering Cyber Essentials and Cyber Essentials Plus to your clients, and you want to address this, then please contact Brigantia’s Product Specialist, Mark Buddery,

About the author

Chris Speight: