30 November, 2021

Significant Updates to Cyber Essentials 

In January 2022, the NCSC will introduce the biggest update to Cyber Essentials technical controls since the scheme's launch in 2014 and is in response to the evolving cyber security challenges that organisations are facing.

The driving factors for these changes includes the speed of the digital transformation and the adoption of cloud services as well as the move to home and hybrid working, accelerated by the COVID-19 pandemic. This refresh of Cyber Essentials also signals the start of a more regular review of the scheme’s technical controls. The updates are based on input from NCSC technical experts and include revisions to the use of cloud services, home working, multi-factor authentication, password management and security updates. 

The new version of the Cyber Essentials technical requirements is officially released on 24 January 2022. Any assessments already underway, or that begin before that date, will use the current technical standard. Organisations using the current standard will have six months from 24 January to complete the assessment. All Cyber Essentials applications starting on or after 24 January will have to use the updated version of requirements, although there will be a grace period of up to 12 months for some of the requirements.