{"id":2669,"date":"2021-11-17T12:56:41","date_gmt":"2021-11-17T12:56:41","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/uncategorized\/untagged\/cyber-essentials-plus-checklist\/"},"modified":"2025-12-15T16:18:11","modified_gmt":"2025-12-15T16:18:11","slug":"cyber-essentials-plus-checklist","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/","title":{"rendered":"Explore Our Free Cyber Essentials Plus Checklist"},"content":{"rendered":"<p><strong>Cyber Essentials Plus is a professionally accredited scheme designed to help organisations identify and guard against the most common cyber threats and demonstrate their commitment to cyber security. Find out more about this certification below.<\/strong><\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Cyber Essentials Plus Checklist<\/h2>\r\n<p>British Assessment Bureau can help clients achieve certification to Cyber Essentials (CE) and Cyber Essentials Plus (CE+), both of which are accredited by the <a href=\"https:\/\/iasme.co.uk\/\" target=\"_blank\" rel=\"noopener\">IASME Consortium<\/a>, which is itself the sole Cyber Essentials accreditation body for the <a href=\"https:\/\/www.ncsc.gov.uk\/\" target=\"_blank\" rel=\"noopener\">National Cyber Security Centre (NCSC)<\/a>, the government department that operates the scheme.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>What Is Cyber Essentials?<\/h2>\r\n<p>Cyber Essentials is a professionally accredited scheme designed to help organisations identify and guard against the most common cyber threats and demonstrate their commitment to cyber security. 
Cyber Essentials accreditation is mandatory for businesses supplying products and services to some government departments, such as the <a href=\"https:\/\/www.gov.uk\/government\/organisations\/ministry-of-defence\" target=\"_blank\" rel=\"noopener\">Ministry of Defence<\/a> and <a href=\"https:\/\/www.gov.uk\/government\/organisations\/hm-revenue-customs\" target=\"_blank\" rel=\"noopener\">HMRC<\/a>.<\/p>\r\n<p>There are two levels of certification, <strong>Cyber Essentials,<\/strong> and <strong>Cyber Essentials Plus<\/strong>.<\/p>\r\n<ul>\r\n\t<li><strong>Cyber Essentials (CE)<\/strong> \u2013 CE is an independently verified self-assessment. Organisations assess themselves against five basic security controls, and a qualified assessor verifies the information provided. These controls cover firewalls, secure configuration, access controls, malware, and patch management.<\/li>\r\n\t<li><strong>Cyber Essentials Plus (CE+)<\/strong> \u2013 CE+ is a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks. 
It involves a technical audit of the systems that are in-scope for CE by checking the CE controls have been applied as per the self-assessment.<\/li>\r\n<\/ul>\r\n<p>Organisations need to obtain CE certification before gaining CE+ certification.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Why You Should Get Cyber Essentials Certification<\/h2>\r\n<p>Achieving Cyber Essentials certification protects your organisation against cyber attacks, keeping important data safe and reassuring customers of your organisation\u2019s resilience to cyber threats.<\/p>\r\n<p>Benefits include:<\/p>\r\n<ul>\r\n\t<li><strong>Customer reassurance<\/strong> \u2013 build trust and confidence in your IT systems and your ability to protect sensitive customer data.<\/li>\r\n\t<li><strong>Protect your business<\/strong> \u2013 prevent cyber attackers from stealing intellectual property or compromising information systems.<\/li>\r\n\t<li><strong>Tender requirements<\/strong> \u2013 many businesses and organisations require suppliers to hold valid Cyber Essentials certification.<\/li>\r\n\t<li><strong>IT awareness<\/strong> \u2013 build an understanding of your existing IT robustness to meet compliance and governance requirements.<\/li>\r\n<\/ul>\r\n<p>Read our guide to Cyber Essentials and <a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/guides\/mod-cyber-essentials-requirements-guide\/\" rel=\"noopener\">working with the MoD<\/a>.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Cyber Essentials Plus Requirements<\/h2>\r\n<p>There are several tests in Cyber Essentials Plus over and above the basic Cyber Essentials assessment. Tests have greater complexity with more effort required. 
Failure in any one area of the assessments will result in an overall fail.<\/p>\r\n<p>To achieve Cyber Essentials Plus, a certification body conducts a range of external and internal technical tests to validate approaches to the additional elements.\u00a0A successful pass means that the certification body awards the CE+ certificate. IASME requirements mean that your organisation will need to undertake CE+ certification within three months of obtaining CE.<\/p>\r\n<p>Additional Cyber Essentials Plus elements include:<\/p>\r\n<ul>\r\n\t<li>Authenticated vulnerability scanning of representative user endpoints, including internet-facing servers.<\/li>\r\n\t<li>Vulnerability scanning of external internet-facing infrastructure.<\/li>\r\n\t<li>Password guessing of exposed authentication services.<\/li>\r\n\t<li>Email attachment tests.<\/li>\r\n\t<li>Web browser download checks.<\/li>\r\n\t<li>Review of mobile devices such as smartphones and tablets.<\/li>\r\n<\/ul>\r\n<p>Tests for CE+ include a representative set of user devices, all internet gateways, and all servers with services accessible to unauthenticated internet users. It is recommended that other devices such as additional servers and network hardware are also scanned to provide a complete assessment of the infrastructure.<\/p>\r\n<p>Cloud services are considered out of scope where they are provided as Software as a Service (SaaS) such as Microsoft Office 365. Where cloud services are used as Infrastructure as a Service (IaaS) and the customer is responsible for patching and other services such as installing software, these are considered in scope. 
Platform as a Service (PaaS) can be a grey area and is considered on a case-by-case basis.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Cyber Essentials Plus \u2013 Preparation Process<\/h2>\r\n<p>While Cyber Essentials can be independently verified through self-assessment, your organisation should conduct a pre-assessment appraisal through a <a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials-plus\/certification\/\" rel=\"noopener\">certification body such as British Assessment Bureau<\/a> when seeking to obtain Cyber Essentials Plus certification. A pre-assessment appraisal details the overall process and the vulnerability scanning software and settings, allowing you to prepare for the assessment properly.<\/p>\r\n<p>Pre-scans should be conducted before pre-auditing, allowing issues to be flagged and discussed with the certification body before the audit.<\/p>\r\n<p>Typical CE+ certification pre-assessment preparation includes:<\/p>\r\n<ul>\r\n\t<li><strong>Assessment scoping:<\/strong>\r\n<ul>\r\n\t<li>Head office including all internet-facing devices<\/li>\r\n\t<li>Scans of each computer build type<\/li>\r\n\t<li>Remote office scanning from head office \u2013 usually 20% of remote offices, with visitation required if remote scanning is not possible.<\/li>\r\n<\/ul>\r\n<\/li>\r\n\t<li><strong>Internet network vulnerability scanning<\/strong><\/li>\r\n\t<li><strong>Anti-virus software compliance with EICAR files<\/strong> \u2013 This is a file format developed by the <a href=\"https:\/\/www.eicar.org\/\" target=\"_blank\" rel=\"noopener\">European Institute for Computer Antivirus Research<\/a> to test the response of anti-virus software.<\/li>\r\n\t<li><strong>User Access Control (UAC) operations<\/strong>.<\/li>\r\n<\/ul>\r\n<p>Following any onsite tests, British Assessment Bureau also conducts an external vulnerability and email test.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Cyber Essentials Plus Checklist<\/h2>\r\n<p>As well as conducting preparation planning ahead of 
undergoing a Cyber Essentials Plus assessment, it\u2019s important to monitor and keep IT systems updated and security controls in place and effective.<\/p>\r\n<p>Our Cyber Essentials Plus checklist includes:<\/p>\r\n<ul>\r\n\t<li>Keep your software up to date and don\u2019t use unsupported software.<\/li>\r\n\t<li>Use suitable firewalls that are maintained and updated with controls regularly monitored.<\/li>\r\n\t<li>Ensure exposed services are configured with strong passwords, using combinations of letters, numbers, and symbols.<\/li>\r\n\t<li>Regularly change passwords and require users to update passwords when accessing services.<\/li>\r\n\t<li>Ensure patch management processes are robust. (While software patches can fix security vulnerabilities and bugs, patching can sometimes introduce new vulnerabilities or compatibility issues. Missing patches for critical or security updates more than 14 days old will result in CE+ failure.)<\/li>\r\n\t<li>Ensure device software and applications are up to date, and devices are running the latest operating system.<\/li>\r\n<\/ul>\r\n<p>Effective Cyber Essentials Plus preparation can save time and money, providing insights into your IT infrastructure and identifying gaps and issues before undertaking a certification assessment. 
CE+ requires higher standards and more detailed assessment, with a greater level of scrutiny that raises the bar in terms of successful certification.<\/p>\r\n<p>If your organisation is looking to protect itself at this higher level and make a statement to potential customers, we believe it is worth the extra work and investment, particularly as, in our experience, the process of achieving Cyber Essentials certification helps you identify areas of weakness and make the necessary adjustments.<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Cyber Essentials Plus Support<\/h2>\r\n<p>If you&#8217;re looking to achieve Cyber Essentials certification or would like to have a chat about any aspect of your own cyber security strategy, please <a href=\"https:\/\/amtivo.com\/uk\/contact-us\/\" rel=\"noopener\">get in touch<\/a> with the expert team at British Assessment Bureau or <a href=\"https:\/\/amtivo.com\/uk\/certification-quote\/\" rel=\"noopener\">request a quote today<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"Cyber Essentials Plus: A checklist to help businesses meet certification requirements.","protected":false},"author":24,"featured_media":2111,"template":"","meta":{"_acf_changed":false,"_searchwp_excluded":"","footnotes":""},"standard-post-categories":[31,77],"standard-post-tags":[32,86],"class_list":["post-2669","standard-post-filter","type-standard-post-filter","status-publish","has-post-thumbnail","hentry","standard-post-categories-insights","standard-post-categories-checklists","standard-post-tags-cyber-essentials","standard-post-tags-cyber-essentials-plus"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Explore Our Free Cyber Essentials Plus Checklist<\/title>\n<meta name=\"description\" content=\"Want to gain Cyber Essentials Plus accreditation? 
Read our Cyber Essentials Plus Checklist to support your application.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Explore Our Free Cyber Essentials Plus Checklist\" \/>\n<meta property=\"og:description\" content=\"Want to gain Cyber Essentials Plus accreditation? Read our Cyber Essentials Plus Checklist to support your application.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"Amtivo UK\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-15T16:18:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/10.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Explore Our Free Cyber Essentials Plus Checklist","description":"Want to gain Cyber Essentials Plus accreditation? 
Read our Cyber Essentials Plus Checklist to support your application.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/","og_locale":"en_GB","og_type":"article","og_title":"Explore Our Free Cyber Essentials Plus Checklist","og_description":"Want to gain Cyber Essentials Plus accreditation? Read our Cyber Essentials Plus Checklist to support your application.","og_url":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/","og_site_name":"Amtivo UK","article_modified_time":"2025-12-15T16:18:11+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/10.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg","twitter_misc":{"Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/","url":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/","name":"Explore Our Free Cyber Essentials Plus 
Checklist","isPartOf":{"@id":"https:\/\/amtivo.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/#primaryimage"},"image":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/10.jpg","datePublished":"2021-11-17T12:56:41+00:00","dateModified":"2025-12-15T16:18:11+00:00","description":"Want to gain Cyber Essentials Plus accreditation? Read our Cyber Essentials Plus Checklist to support your application.","breadcrumb":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/#primaryimage","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/10.jpg","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/10.jpg","width":600,"height":400,"caption":"Cyber Essentials Plus"},{"@type":"BreadcrumbList","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/checklists\/cyber-essentials-plus-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/amtivo.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Standards","item":"https:\/\/amtivo.com\/uk\/standards\/"},{"@type":"ListItem","position":3,"name":"Cyber Essentials","item":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/"},{"@type":"ListItem","position":4,"name":"Checklists","item":"https:\/\/amtivo.com\/uk\/checklists\/"},{"@type":"ListItem","position":5,"name":"Explore 
Our Free Cyber Essentials Plus Checklist"}]},{"@type":"WebSite","@id":"https:\/\/amtivo.com\/uk\/#website","url":"https:\/\/amtivo.com\/uk\/","name":"Amtivo","description":"","publisher":{"@id":"https:\/\/amtivo.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/amtivo.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/amtivo.com\/uk\/#organization","name":"Amtivo","url":"https:\/\/amtivo.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","width":371,"height":203,"caption":"Amtivo"},"image":{"@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter"}],"about":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/types\/standard-post-filter"}],"author":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/users\/24"}],"version-history":[{"count":12,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2669\/revisions"}],"predecessor-version":[{"id":7227,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2669\/revisions\/7227"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media\/2111"}],"wp:attachment":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media?parent=2669"}],"wp:term":[{"taxonomy":"st
andard-post-categories","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-categories?post=2669"},{"taxonomy":"standard-post-tags","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-tags?post=2669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}