The government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls for organisations to use.
Download Cyber Essentials documents here: https://www.cyberstreetwise.com/cyberessentials/
The full scheme, launched on 5 June 2014, enables organisations to gain 1 of 2 new Cyber Essentials badges. It is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.
The Cyber Essentials Requirements document sets out the necessary technical controls. The Assurance Framework shows how the independent assurance process works and the different levels of assessment organisations can apply for to achieve the badges. It also contains guidance for security professionals carrying out the assessments.
From 1 October 2014, government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.
More information available here : https://www.gov.uk/government/publications/cyber-essentials-scheme-overview#history
CYBER ESSENTIALS SCHEME
The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focussing on basic cyber hygiene, your company will be better protected from the most common cyber threats.
Cyber Essentials is for all organisations, of all sizes, and in all sectors – we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.
Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. Find out more here.
The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry.