CREST Supports Government Cyber Essentials Scheme

The Cyber Essentials scheme will enable an independent assessment of the essential security controls that organisations should have in place to have a level of confidence that they are mitigating risks from internet-based threats.

CREST has been working closely with CESG, the Information Security arm of GCHQ, to develop the assessment framework for the Cyber Essentials Scheme, which is now available for external consultation. CREST, through its membership, has managed a number of successful early pilot assessments against this framework.

“The Cyber Essentials scheme provides organisations of all sizes and from all sectors, the assurance through independent assessment that they have key technical controls in place to manage certain cyber risks and can demonstrate that they have invested in cyber security,” said Ian Glover, President of CREST. “We have to recognise that many organisations need to measure and prove that certain fundamental security controls are present and they need to achieve this in a cost-effective way.  While for some organisations and systems this level will be sufficient, for the majority it will form the basis of more detailed penetration testing and other assurance related activities.  The Cyber Essentials scheme addresses the need to create a baseline for UK cyber security, building on the Government’s 10 Steps to Cyber Security guidance. We are continuing our work with CESG to help refine and roll out the scheme later this year.”

Organisations can now self-assess themselves against the Cyber Essentials profile and implement the controls. The full scheme, including external assessment and adoption of an authorised Cyber Essentials badge, will be launched in summer 2014.

For more information, visit: