The Government approved Cyber Essentials scheme helps protect organisations of all sizes from the majority of commodity cyber attacks
By gaining gaining Cyber Essentials certification, an organisation demonstrates to its customers, investors, and supply chain members that it has implemented the Government approved minimum level of cyber security, and is therefore dependable when it comes to handling data and conducting business.
From the 24th April 2023, all organisations beginning their Cyber Essentials certification journey will now use the new ‘Montpellier’ question set (version 3.1) which is replacing the ‘Evendine’ (version 3.0) question set. Any assessments that began before 24th April, will continue to use the requirements of version 3.0 with the Evendine Cyber Essentials question set.
The new question set encompasses the following changes:
- Definition of software has been updated to include when firmware is is in scope
- Inclusion of asset management as an effective measure
- BYOD (Bring Your Own Device) guidance
- Clarification on the scope of 3rd party devices
- Update to the ‘device unlocking’ section to take into account any vendor restrictions
- An updated malware protection section
- Information about Zero Trust architecture
More detailed information on these changes has been published by IASME, the governments Cyber Essentials Partner responsible for the delivery of the scheme.
Infosec Partners are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. We are also available to offer consulting and support services to help you achieve Cyber Essentials Certification.
As an approved Cyber Essentials assessor, here at Infosec Partners we are fully up to speed on these changes and can help you through each step of the Cyber Essentials certification process. For more information about how we can help take the stress out of gaining Cyber Essentials certification, please get in touch. We also have some handy FAQs available which may help you in the first instance.
