Indelible Data offers a range of packages for Cyber Essentials certification.
In January 2022, the NCSC overhauled the Cyber Essentials scheme with more comprehensive controls and as Cyber Security apprentice Thomas Boughton explains, applicants have been given more time to meet the new requirements.
These controls related to in-scope thin client devices, the segregation of unsupported software, and requiring MFA for cloud services. Due to possible difficulties for organisations, a grace period of one year was offered to allow them to process these changes.
This grace period has now increased by three months, meaning that the updated technical controls will be required from April 2023 instead of January 2023.
This results in the grace period ending when the scheme will be updated next. Future updates to the scheme can be expected to affect:
- Only firmware relating to routers and firewalls will be needed to be supported and up to date.
- Third Party Devices. New information regarding how third-party devices, such as student devices, can be treated.
- Device Unlocking. When default device unlocking settings cannot be configured, the default settings will be acceptable.
- Malware Protection. Anti-Malware software no longer needs to be signature based. Sandboxing will be removed as an option.
- Zero Trust Architecture Guidance. More advice will be given for zero trust architecture and asset management.
Click here to see the original NSCS blog.