Cyber Essentials is a UK government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks and improve general IT security.

The scheme covers 5 main areas:

  • Firewalls
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

NetworkMods has assisted its customers in achieving Cyber Essentials accreditation and improving their general IT security and recovery options. This is typically achieved by completing the following steps:

  • Questionnaire and Security Report (to identify the areas of non-compliance in the IT System)
  • Development of policies, schedules and tasks required to achieve Cyber Essentials accreditation
  • Implementation of policies and accreditation

We can provide all or some of the services required to complete the Cyber Essentials accreditation. We have had a 100% success rate with both Cyber Essentials and Cyber Essentials Plus accreditation.

If you would like to discuss Cyber Essentials with NetworkMods, please email cyber@networkmods.co.uk or telephone 01223 788120.

Please read on for a more detailed explanation of each of the areas that NetworkMods can assist with.



The first step in developing a Cyber Essentials strategy is to look at how your current IT system is managed and configured. An analyst will run through a number of questions which relate to Cyber Essentials, general IT recovery and additional security measures that might be worthy of consideration. A report will be supplied for each of the 5 key areas with details of any compliance failures. The report will include a reference to which area and task has failed to comply, a reason for not complying and a recommendation for resolving the issue.

The report will also provide a separate summary of non-Cyber Essentials configurations that may be of interest, e.g. Two-Step Verification or Disk Encryption.

The following is a sample of the report concerning firewall non-compliance.

Firewall Non Compliance

B04 Temporary firewall rules are not being disabled or removed in a timely manner.

Firewall changes will leave a network more open to a security breach. Closing firewall rules that are no longer required will make the network more secure. A policy will help to govern this requirement.

The firewall rule records should be reviewed on a regular basis, and rules that have exceeded their expiration period should be disabled.

Security Policies

Following the completion of the security report, we will engage in an investigative stage to collect enough detailed information on the company IT system to document Cyber Essentials-compliant policies for the 5 key areas. During this phase the customer will also be asked questions and given recommendations to establish the management requirements of the IT System, e.g. "How will you record system passwords?" or "Where will you record details of firewall rules?"

We will provide 5 policies, one for each of the main Cyber Essentials areas. Registers can also be provided to help manage the IT system. The policies and supporting files can be customised to reflect an existing quality system naming convention and will be written as an internal company document.

The following is a sample of the Firewall policy document.

3.4 Internet access to firewall administration (B04)

The boundary firewall administrative interface is disabled from external connections. If external administrative access is required in the future the access will be protected with:

• A strong password, over a connection encrypted with SSL
• Whitelist configuration to allow access from specific IP addresses for authorised locations
• Time limited to 1 month subject to review

Details of approved external connections can be found in NMITCEF01c Perimeter Security Secure Baseline Build (Appendix 4).


Implementation and Certification

We will work with you to implement the configuration and management changes for the IT System.

An appointment will be agreed with you to schedule the completion of the certification process. This may require a 3rd party certification body visiting your site. A plan will have been developed to update the IT System according to the Cyber Essentials policies and can include:

• PC software removal and patching
• Firewall changes
• Anti-Virus software changes
• Introduction of registers and approval procedures
• Password management