Blog Cyber Essentials Toolkit Updated

A summary of the toolkit changes

Many of the changes within the toolkit are to reflect the new order and wording of the controls themselves, so that the toolkit matches the guidance document published by NCSC (which is also now included in the toolkit). Some terms such as “allow-listing” have also been updated to align with current usage.

A number of policy documents have been revised to cover the new requirements, such as the Network Security Policy, Software Policy and Patch Management Policy.

We have also added some new documents to the set, to cover areas receiving increased attention within the Cyber Essentials scheme. These are:

• Configuration Management Policy
• Asset Management Policy
• Cloud Services Questionnaire
• Threat Intelligence Policy

Together these changes reflect the focus of the scheme on incorporating cloud services, increased use of multi-factor authentication (MFA) and a clear understanding of the assets of the organisation.

As a certified organisation ourselves, we are seeing a stricter interpretation of the requirements, with reviewers sometimes requesting the provision of evidence that controls are in place, so the use of good quality documentation is even more important than ever.

You can find a full list of the new Cyber Essentials Toolkit documents on our website, including what’s included in the toolkit package and details for purchase.

 

---

More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources