Cyber Essentials 2025
Cyber Essentials
Cyber Essentials is the entry-level, Verified Self-Assessment that demonstrates your organisation has the baseline cyber security controls in place. It is also a prerequisite for Cyber Essentials Plus.
What Cyber Essentials covers (five control areas):
- Firewalls & Internet Gateways – secure your perimeter and control inbound/outbound traffic.
- Secure Configuration – harden devices and services; disable or remove unnecessary features.
- User Access Control – grant least-privilege access and manage accounts responsibly.
- Malware Protection – deploy and manage anti-malware/EDR appropriate to your estate.
- Security Update Management – keep operating systems and apps up to date and patched.
How the assessment works:
- You complete an online questionnaire about your environment, policies, and technical controls.
- The answers are approved by someone in a leadership role within your organisation.
- One of our qualified Cyber Essentials assessor reviews your answers and then awards your Cyber Essentials certificate.
If gaps are found:
You’ll receive feedback on what needs to be fixed. Once remediated, you can resubmit for verification within the permitted window free of charge.
On success:
You’ll receive a Cyber Essentials certificate valid for 12 months from the pass date. You can optionally be listed as Cyber Essentials certified and promote your organisation’s compliance with the scheme.