Cyber Essentials Keeping UK Businesses Safe

A primary objective of the UK Government's National Cyber Security Strategy is to make the UK a safer place to conduct business online and from 1 October 2014 all suppliers must be compliant with the new Cyber Essentials controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.  You can find further information here.

To achieve this, CREST was engaged by CESG (now known as the NCSC), the information security arm of GCHQ, to develop an assessment framework to support the Government's "Cyber Essentials" scheme, which forms a key deliverable of this strategy.

By deploying these controls, organisations can defend against the most common form of basic cyber attacks originating from the Internet.

The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against Internet-borne threats.

CREST is an approved accreditation body under the UK Government Cyber Essentials scheme. CREST certifies its member companies to provide Cyber Essentials services. Each of these organisations is a member of CREST and further information about the role of CREST can be found at www.crest-approved.org.

Selected by industry experts, the technical controls within the scheme reflect those covered in well-established standards, such as the ISO/IEC 27000 series, the Information Security Forum’s Standard of Good Practice for Information Security and the Standard for Information Assurance for Small and Medium Sized Enterprises.

You can download a copy of the CREST Cyber Essentials Overview here

The NCSC are planning significant changes to the Cyber Essentials Scheme.  You can read more here.