IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC Cyber Essentials overhaul takes effect

Changes to the scope of the government-backed cyber security certification represent the biggest change since the scheme's launch in 2014

The National Cyber Security Centre's (NCSC) planned changes to its Cyber Essentials scheme come into effect today with amendments to the certification's scope reflecting a different world of work compared to when it was first introduced.

First announced in November 2021, the latest overhaul of Cyber Essential's technical controls is the biggest set of changes the NCSC has made since the scheme's debut in 2014.

Cloud services, home working, and identity and access management have all seen numerous changes over the past eight years that have re-shaped the world of work for most UK businesses, and the new changes reflect these specifically.

The main change on the cloud services side is the NCSC's implementation of a shared responsibility model that clearly defines the security obligations of both business and cloud provider. The main takeaway from this stage is that businesses will now be expected to take a more proactive role in ensuring their cloud provider is implementing services properly and securely.

The idea of home working was viewed as an exceptional circumstance by the NCSC when Cyber Essentials was first launched in 2014 but is far more normal now due to the pandemic.

Routers issued by internet service providers (ISPs), and ensuring they're securely set up, has been taken out of the certification's scope because the NCSC believes it's not feasible for businesses to expect employees to correctly set up their routers, even if there was guidance on how to do so from the employer. Instead, a stronger focus will be placed on firewall controls being applied to all end-user devices.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

With the rise of multi-factor authentication (MFA) being more readily available and free in most cases, the NCSC has added guidance on how to choose the right additional factor for any given organisation and the password requirement of the certification has been updated in line with current guidance, and with reference to the NCSC's 'three random words' advice.

The pricing structure for certification is also changing for larger businesses, while small and micro companies will pay the same £300 + VAT for the base-level Cyber Essentials certification and £500 + VAT for Cyber Essentials Plus. The largest companies - those with 250 employees or more - will pay £500 + VAT for Cyber Essentials but have to apply for a bespoke quote for Cyber Essentials Plus.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022