[1] Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.
[2] The Cyber Essentials program provides two levels, the first is self-certification and the second requires independent validation of claims made:[3][4] Commonly referred to as mark your own homework,[5] organisations self-assess their systems, and then complete an online assessment.
The online assessment is marked by a Cyber Essentials Assessor who provides feedback on any areas where improvements could be made.
[9] Since October 2014, Cyber Essentials certification has been required for suppliers to the central UK government who handle certain kinds of sensitive and personal information.
[15] After the WannaCry ransomware attack, NHS Digital refused to finance the £1 billion which was the estimated cost of meeting the Cyber Essentials Plus standard, saying this would not constitute value for money and that it had invested over £60 million and planned to spend a further £150 million to address key cyber security weaknesses over the next two years.
[18] Cloud services, BYOD, home working, thin clients and MFA will see big changes as part of the assessment.