Cyber Essentials Update for 2022

Cyber Essentials Updated for 2022

On January 24^th we saw some changes to the Cyber Essentials certification requirements. Some current requirements are being strengthened, a new requirement has been introduced and we are made aware of 3 new requirements to be introduced in 12 months’ time.

These changes comes in the wake of the continuing growth of cybercrime in the form of phishing attacks, database hacks, and malware attacks. Last year data breaches costs increased from £2.83m in 2020 to £3.11m in the UK and cybercrime was expected to peak at £4.4 trillion worldwide. The implementation of Cyber Essentials can reduce the chances of a successful attack against your systems and data.

What are the changes in this update of Cyber Essentials?

The new changes enhance section 2 – Secure Configuration, and focus on cloud provided services, whether this is Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS).

There is also more emphasis on mandatory Multi Factor Authentication (MFA) where available, and the requirement strengthens the usage of MFA for access to user and administration accounts where possible.

What’s new in the Toolkit?

Version 4 of CertiKit’s Cyber Essentials Toolkit incorporates these new changes and has a new document to record Cloud Services. The Password Policy has undergone significant review in line with the latest requirements and recommendations for cloud-based access by users, and MFA password configuration for cloud-based systems access.

The Cloud Services Register, with an example provided, is used to record Cloud Services used by the organization. This document covers several requirements that are a part of the latest Cyber Essentials update and will make it easier for an organization to show evidence for certification.

Brand new documents

Cloud Services Register: Document to record the cloud services that are used within the organization, the type of service, the name of the service provider and if MFA is available for admin or user accounts.
EXAMPLE Cloud Services Register: A populated example showing different types of cloud services, cloud providers and whether MFA is available.

More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources

Testimonials

Compared to competing toolkits, your ISO27001 document structure was very good. The provided "Introduction" of each was useful (I have moved those out of the core documents and into a more comprehensive manual) for the general audience vs security staff. The inclusion of references to 27017 and 27018 were appreciated. You provided more "ISMS-C" oriented artefacts than competitors.

Trusted By Design Inc.
Canada

View all Testimonials

Get in touch

Privacy Notice

X

Toolkits

Enhanced Gap Assessments

Toolkit Add-on

Blog Cyber Essentials Updated for 2022

Cyber Essentials Updated for 2022