- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Cyber Essentials Set for Major Changes in 2022
The UK government’s best practice cybersecurity framework is set to undergo the “biggest overhaul” of its technical controls since it was introduced in 2014, the National Cyber Security Centre (NCSC) has warned.
Cyber Essentials offers a simple set of steps that organizations can sign-up to and be certified against to prevent the most common cyber-threats. It’s available in a basic self-assessment version and a Cyber Essentials Plus scheme requiring hands-on technical verification by a third-party.
It covers areas such as firewalls, secure configuration, access controls and malware protection.
The new version of the program’s technical requirements will be officially released on January 24 2022.
“Any assessments already underway, or that begin before that date, will continue to use the current technical standard, meaning that in-progress certifications will not be affected. Organizations using the current standard will have six months from January 24 to complete the assessment,” the NCSC said.
“All Cyber Essentials applications starting on or after January 24 will use the updated version of requirements. We recognize that some organizations may need to make extra efforts when assessed against the new standards, so there will be a grace period of up to 12 months for some of the requirements.”
After consultation with assessors, applicants and the Cloud Industry Forum, the changes were brought in and are deemed essential to ensuring the program remains relevant amidst a fast-moving technology and threat landscape.
It also signals a more regular review process for the controls in the future, the NCSC claimed.
Among the new requirements are updates in areas such as home working, cloud services, BYOD, think clients and multi-factor authentication.
There’s also a new FAQs page and a technical blog from delivery partner IASME for further information