HM Government launches a new security standard – Cyber Essentials
The Rt Hon David Willetts MP, Minister of State at the Department for Business, Innovation & Skills, launched a new set of standards aimed at helping organisations i) to reduce their vulnerability to cyber threats; and ii) to demonstrate that the organisation takes seriously the safeguarding of information.
The scheme is aimed at all businesses and not-for-profit organisations. To reflect the differing security risks of organisations, there are two levels of award, namely Cyber Essentials and Cyber Essentials Plus. The former award has an online self-certifying approach requiring the Head of Business or Organisation to declare that the organisation meets the requirements of the standard. The declaration will be sent to a certification body for verification and, provided sufficient confidence exists in the implementation of the necessary controls, a certificate will be issued.
The Cyber Essentials Plus award requires independent testing of the organisation's security controls. The testing required will establish the effectiveness of the controls implemented by using vulnerability and penetration tests. The Plus award offers a higher level of assurance to interested parties, and the organisation will need to make a judgment as to which award level best suits it.
The requirements of both levels of the scheme centre on the full implementation of controls under the following selected categories:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Adoption of the controls is clearly best practice for any organisation and, although the scheme is voluntary, the Government has stated that as from 1st October 2014 certain public sector contracts will only be awarded to suppliers who have adopted the Cyber Essentials scheme and gained the award. It is envisaged that many other parties, such as insurance companies, regulatory bodies and larger corporates, will begin to expect organisations to have gained the award.
Further details of the scheme can be found at https://www.gov.uk/government/publications/cyber-essentials-scheme-overview