In April 2023, the NCSC will update the technical requirements for Cyber Essentials. This update is part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats.
After a major update last year, the 2023 update will be lighter touch, providing a number of clarifications, alongside some important new guidance. This main changes are:
- User devices: less detail will be required, making the assessment easier to complete
- Clarification on firmware to include just router and firewall firmware.
- Third party devices. More information and a new table that clarify how third-party devices, such as contractor or student devices, should be treated in your application.
- Device unlocking. Added a concession for some devices which are not capable of being configured as previously required.
- Malware protection. Anti-malware software will no longer need to be signature based.
- New guidance on zero trust architecture for achieving CE and a note on the importance of asset management.
- Style and language. Several language and format changes have been made to make the document easier to read.
If you would like advice on how this change will affect your Cyber Essentials application (new or renewal), please Contact Us.