Cyber Essentials Checklist

Cyber Essentials, a scheme endorsed by the government and established by the NCSC, offers a comprehensive accreditation for businesses of all sizes. It outlines essential practices and measures for safeguarding against cyber threats.

Achieving this certification not only equips you with the knowledge to mitigate risks but also assures your customers and potential business partners of your adherence to widely recognised cybersecurity standards.

This certification is increasingly becoming a prerequisite in various government contracts and for a growing number of organizations during their tender processes.

To assist you in understanding what is required for accreditation, we present our Cyber Essentials checklist:


  • Ensure you have a firewall to block unauthorised access to your network.
  • Configure your firewall to permit only authorised traffic.
  • Regularly update your firewall with the latest security patches.

Secure Configuration

  • Maintain a routine for reviewing and updating your devices and software security settings.
  • Utilise robust passwords and effective password management.
  • Implement multi-factor authentication wherever feasible.

Access Control

  • Establish procedures for granting and revoking system and data access.
  • Limit access to essential users.
  • Monitor user activities for any abnormal behavior.

Malware Protection

  • Install and update antivirus and anti-malware software on all devices.
  • Conduct regular malware scans.
  • Develop a strategy for responding to malware incidents.

Security Update Management

  • Consistently install updates for your operating systems and software.
  • Test and deploy security updates effectively.
  • Track and address security vulnerabilities.

In addition to these core controls, consider the following to enhance your cybersecurity posture:

Employee Training

  • Educate employees about cybersecurity best practices, including recognising and avoiding phishing scams.
  • Ensure employees are aware of how to report suspicious activities.

Incident Response Plan

  • Develop a plan for addressing cybersecurity incidents.
  • Train employees on the protocol for potential breaches.

Business Continuity Plan

  • Prepare a strategy for maintaining business operations during cybersecurity incidents.
  • Inform employees about procedures if systems are compromised.

By adhering to these guidelines, you can significantly bolster your organisation's defense against cyber attacks.

If you're uncertain about meeting the Cyber Essentials checklist requirements, our experts at Cyber Compliance are here to assist. We offer a comprehensive Cyber Essentials service, which includes evaluating your current IT infrastructure and cybersecurity approach, and providing planning, deployment, and integration of necessary tools and resources for certification. Our consultancy service is customisable for any organisation.

Contact our team today to learn how we can assist you in achieving Cyber Essentials certification.

Cyber Essentials Checklist

Download the Cyber Essentials question set

Download the Cyber Essentials question set used on all assessment accounts from April 24th 2023.

Cyber Essentials Requirements

Download the Requirements for IT Infrastructure

Cyber Essentials: Requirements for IT infrastructure v3.1