USA
Select regional store:

Defining the scope for Cyber Essentials certification

What is in scope and what is not for Cyber Essentials?

As a Cyber Essentials scheme applicant, you will need to ensure that your organization meets all the requirements.

Our online portal will help you accurately define your scope.

Your Cyber Essentials assessment and certification can cover the whole IT infrastructure, or a sub-set. However you define your boundary, your devices and software will need to meet the following conditions:

  • Accept incoming network connections from untrusted Internet-connected hosts
  • Establish user-initiated outbound connections to devices via the Internet
  • Control the flow of data between any of the above devices and the Internet

In addition to mobile or remote devices owned by your organization, user-owned devices that access organizational data or services are in scope. 

Wireless devices (including wireless access points) are in scope if they can communicate with other devices via the Internet.

If it is practicable to apply the requirements to Cloud services, these services are within the boundary of scope. Commercial web applications created by development companies (rather than in-house developers) and which are publicly accessible from the Internet are in scope by default.

1.

Identify

The level of Cyber Essentials your organization wishes to be certified to.



2.

Scope

What is in and what is out of scope.


3.

Questionnaire

Verify that your IT is suitably secure and meets the standards set by Cyber Essentials.


4.

Remediate

Ensure all five controls are implemented correctly.


5.

Submit SAQ

Submit the SAQ (self-assessment questionnaire) for official assessment and certification.


6.

Scan

External vulnerability scan of the Internet-facing networks and applications.


7.

Complete Cyber Essentials

Achieve all the requirements of Cyber Essentials.


8.

On-site assessment

Conduct the on-site assessment and perform the necessary internal scan.


9.

Review

If there are nonconformities, you will receive feedback to help you close these gaps.


10.

Resolve

If there are nonconformities, you will be required to fix them.



11.

Reassess

Repeat testing will be conducted until nonconformities are fixed.


12.

Final analysis

Subject to a positive outcome, we issue your Cyber Essentials Plus certificate.

Secure your organization with Cyber Essentials

With IT Governance, you can complete the entire certification process quickly and easily using our online portal for as little as $390.

Shop now

This website uses cookies. View our cookie policy
Save on
Training