Cyber Essentials is a UK government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks and improve general IT security.
The scheme covers 5 main areas:
NetworkMods has assisted its customers in achieving Cyber Essentials accreditation and improving their general IT security and recovery options. This is typically achieved by completing the following steps:
Questionnaire and Security Report (to identify the areas of non-compliance in the IT System)
Development of policies, schedules and tasks required to achieve Cyber Essentials accreditation
Implementation of policies and accreditation
We can provide all or some of the services required to complete the Cyber Essentials accreditation. We have had a 100% success rate with both Cyber Essentials and Cyber Essentials Plus accreditation.
If you would like to discuss Cyber Essentials with NetworkMods, please email cyber@networkmods.co.uk or telephone 01223 788120.
Please read on for a more detailed explanation of each of the areas that NetworkMods can assist with.
The first step in developing a Cyber Essentials strategy is to look at how your current IT system is managed and configured. An analyst will run through a number of questions which relate to Cyber Essentials, general IT recovery and additional security measures that might be worthy of consideration. A report will be supplied for each of the 5 key areas with details of any compliance failures. For each failure, the report will include a reference to the area and task that failed to comply, the reason for the non-compliance and a recommendation for resolving the issue.
The report will also provide a separate summary of non-Cyber Essentials configurations that may be of interest, e.g. Two-Step Verification or Disk Encryption.
The following is a sample of the report concerning firewall non-compliance:
Firewall Non-Compliance
B04 Temporary firewall rules are not being disabled or removed in a timely manner.
Firewall changes will leave a network more open to a security breach. Closing firewall rules that are no longer required will make the network more secure. A policy will help to govern this requirement.
The firewall rule records should be reviewed on a regular basis, and rules that have exceeded the time expiration period should be disabled.
Following the completion of the security report, we will engage in an investigative stage to collect enough detailed information on the company IT system to document Cyber Essentials-compliant policies for the 5 key areas. During this phase the customer will also be asked questions, and have recommendations made to them, to establish the management requirements of the IT system, e.g. "How will you record system passwords?" or "Where will you record details of firewall rules?"
An appointment will be agreed with you to schedule the completion of the certification process. This may require a third-party certification body to visit your site. A plan will have been developed to update the IT system according to the Cyber Essentials policies and can include:
3.4 Internet access to firewall administration (BO4)
The boundary firewall administrative interface is disabled from external connections. If external administrative access is required in the future the access will be protected with:
Details of approved external connections can be found in NMITCEF01c Perimeter Security Secure Baseline Build (Appendix 4).
We will work with you to implement the configuration and management changes for the IT System.
We will provide 5 policies, one for each of the main Cyber Essentials areas. Registers can also be provided to help manage the IT system. The policies and supporting files can be customised to reflect an existing quality system naming convention and will be written as an internal company document.