UK GOVERNMENT BASELINE

Cyber Essentials & Plus

The mandatory security standard for any organization bidding for UK public sector contracts. Protect against 80% of common cyber attacks.

What is it?

Cyber Essentials focuses on 5 key technical controls: Firewalls, Secure Configuration, User Access Control, Malware Protection, and Patch Management.

Cyber Essentials (Basic)

SELF-ASSESSMENT

  • Self-Assessment Questionnaire (SAQ)
  • Signed by a Board Member
  • Free Cyber Liability Insurance (if eligible)
  • Listed on NCSC Database

Cyber Essentials Plus

TECHNICAL AUDIT

  • Everything in Basic, PLUS:
  • External Vulnerability Scan
  • Internal Workstation Audit (Sample)
  • Mobile Device Audit
  • Independent Verification by Cloudgap

The Pathway to Certification

1. Pre-Assessment Scan

We scan your external IPs first. If you have critical vulnerabilities older than 14 days, you will fail. We find them early.

2. Remediation

We help you fix the technical debt: removing unsupported software, fixing firewall rules, and tightening admin access.

3. Basic Submission

We assist you in completing and submitting the official IASME self-assessment questionnaire to get your Basic badge.

4. Plus Audit

For "Plus", we coordinate the external vulnerability scan and perform the on-site (or remote) workstation audit.