UK: Cyber security certification scheme launched
Following the consultations on the requirements for a preferred standard for cyber security, which concluded in November 2013 (background information here), the Government has launched a new cyber security certification scheme. The scheme focuses on five main controls for basic cyber hygiene:
- boundary firewalls and internet gateways;
- secure configuration;
- access control;
- malware protection; and
- patch management.
Businesses can apply for a “Cyber Essentials” certificate (based on independently verified self-assessment) or a “Cyber Essential Plus” certificate (offering a higher level of assurance through external testing). The scheme is designed to be affordable and offers a snapshot of the organisation’s cyber security effectiveness on the day of assessment. Guidance on meeting the Cyber Essentials requirements can be downloaded from the government-approved cyberstreetwise website here, and a summary of the scheme can be found here. Vodafone has become the first telecoms company to gain the UK ‘cyber essentials plus’ accreditation.