
Cyber Essentials FAQs

General information about the scheme

  • Why should we get a Cyber Essentials certificate?
  • What is required for certification to Cyber Essentials?
  • What is required for certification to Cyber Essentials Plus?
  • Who will conduct the assessments for Cyber Essentials and Cyber Essentials Plus?
  • How long will it take between submitting our questionnaire and receiving our certificate?
  • Why choose a CREST-accredited certification body?

Application process

  • What can we expect from the Cyber Essentials application process?


  • Where can we display our Cyber Essentials certificate?
  • Where are Cyber Essentials certified organizations listed?
  • How do certified organizations get listed on the NCSC website?
  • How do we renew our Cyber Essentials certificate?

Guidance about the certification process

  • We need more guidance about the certification process.

Defining the scope

  • How do we define the scope?
  • What should a scope description look like?
  • How do we determine IP addresses?
  • What should we do if we have more than 16 IP addresses?
  • How do we determine how many workstations, mobile devices, and build types need to be tested for Cyber Essentials Plus?
  • What should we do if we have more than ten device builds?

Vulnerability scanning

  • Why do some certification bodies require an external scan in addition to the SAQ?
  • Must we have vulnerability scans/penetration tests provided by a third party?
  • Can we use our existing vulnerability scanning/penetration testing company?
  • Can we self-certify and carry out our own vulnerability scans and penetration tests?
  • What is the difference between the types of scans and assessments that will be conducted by the certification body for Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials and ISO 27001 certification

  • Do organizations have to certify to Cyber Essentials if they have already achieved ISO 27001 certification?
  • Should we apply for a Cyber Essentials badge in addition to our ISO 27001 certification?
  • Can Cyber Essentials replace ISO 27001?
  • Which should we start first: Cyber Essentials, ISO 27001, or both at the same time?