{"id":6454,"date":"2022-03-09T12:32:28","date_gmt":"2022-03-09T11:32:28","guid":{"rendered":"https:\/\/www.gpsj.co.uk\/?p=6454"},"modified":"2022-03-10T16:42:09","modified_gmt":"2022-03-10T15:42:09","slug":"is-your-department-and-supply-chain-ready-for-the-changes-to-the-governments-new-cyber-certification-scheme","status":"publish","type":"post","link":"https:\/\/www.gpsj.co.uk\/?p=6454","title":{"rendered":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?"},"content":{"rendered":"

By Dave Woodfine, Co-founder and Managing Director at\u00a0<\/em>Cyber Security Associates<\/em><\/a><\/p>\n

Earlier this year, the World Economic Forum named cyber security failures as one of the biggest threats facing international governments and business, and the UK is no exception. The UK\u2019s public sector is currently facing a rise in the number of cyber security incidents. The\u00a0Ministry of Justice<\/a>\u00a0revealed that it faced a series of data breaches and ransomware attacks over the course of the 2020-21 financial year, and it will likely face many more in the near future.<\/p>\n

How to protect yourself<\/strong><\/p>\n

To help business and government organisations keep themselves safe from the most common cyber-attacks, the National Cyber Security Centre (NCSC) launched the Cyber Essentials certification scheme in 2014. This year, to help increase security across both the public and private sector, the NCSC has updated some of the scheme\u2019s key requirements, which came into effect on the 24th January 2022.<\/p>\n

Meeting these new requirements is necessary to pass the Cyber Essentials assessment, which is mandatory for certain Government departments and advised for most other sectors. Although these changes are positive and much needed as cyber threats become ever more sophisticated, they will require extra effort for public sector departments, and accredited third party suppliers, to comply. Companies will be given six months to complete the certifications and ensure their systems are secure, with 12 months\u2019 grace on some requirements.<\/p>\n

The certification\u2019s cost<\/strong><\/p>\n

One of the main changes to Cyber Essentials is the new tiered pricing system. Up until this year, the assessment cost the same for companies or organisations of all sizes – just \u00a3300. Now, though, the prices vary depending on the amount of employees. After all, the bigger an organisation, the more changes need to be made, and assessments will take longer for them.<\/p>\n

Talking about the change, Anne W, the NCSC\u2019s Head of Commercial Assurance Services, said, \u201cWhile Cyber Essentials is designed to help any organisation attain a minimum level of cyber security, the assessment process can be quite complex. We want to continue to ensure this important scheme remains accessible to every business, no matter their size.\u201d Micro organisations, or those with nine or less employees, will still pay \u00a3300. Small organisations, with 10-49 employees, will have to pay \u00a3400. Medium-sized organisations, or those with 50-249 employees, pay \u00a3450. Finally, organisations with over 250 employees will now have to pay \u00a3500 for the assessment.\"\"<\/a><\/p>\n

Changes for remote workers<\/strong><\/p>\n

Many of the updated requirements concern those working from home, reflecting the changes in the workplace landscape over the past couple of years. According to the scheme\u2019s requirements, anyone working from home for any period of time is classed as a \u2018home worker.\u2019 Home workers\u2019 devices, such as laptops, tablets, and smartphones, will now fall under the scope of Cyber Essentials, and will need to be secure enough to pass the certification assessment. In fact, all devices used to access your data or services will be in scope, too. However, home workers\u2019 routers won\u2019t be in scope, so any firewalls must be present on their devices rather than the router. The one exception to this is if the business or organisation has provided the router – in this case, it will be in scope too..<\/p>\n

Changes for cloud services<\/strong><\/p>\n

All cloud services are now fully integrated into the Cyber Essentials scheme, meaning that your organisation will be held responsible for making sure that controls are implemented to protect any data that\u2019s being hosted on the cloud. Users will need to check the cloud services that they\u2019re using and ensure that they meet the standards of the Cyber Essentials standards.<\/p>\n

Multi-factor authentication, or MFA, must also be used by any accounts that can access the cloud services. MFA makes accounts more secure, as rather than just entering a password, the user has to provide more than one method of verification. Four methods are accepted by the updated requirements, including: a known or trusted account, a physically separate token, a managed enterprise device, and an app on a trusted device.<\/p>\n

Other changes to note\u00a0<\/strong><\/p>\n

There are also a number of smaller updates that need to be implemented. From now on, if they want to pass the assessment, departments will no longer be allowed to pick and choose which software updates they use. All high and critical updates or patches, to both software and devices, will need to be installed within 14 days, and automatic updates should also be enabled. All servers, which includes virtual servers, will now fall under the scope of Cyber Essentials, as will thin clients (or \u2018dumb terminals\u2019 capable of accessing a remote desktop). Separate accounts must also be used whenever accessing an administrative account.<\/p>\n

While it might seem like a lot of work, all of these new requirements are necessary for those looking to pass the Cyber Essentials assessment and obtain the new certification. Only then will you be able to prove to other departments, organisations, and even companies that your information is secure, and that you\u2019re protected against all of today\u2019s most common online threats.<\/p>\n","protected":false},"excerpt":{"rendered":"

By Dave Woodfine, Co-founder and Managing Director at Cyber Security Associates<\/p>\n

Earlier this year, the World Economic Forum named cyber security failures as one of the biggest threats facing international governments and business, and the UK is no exception. The UK\u2019s public sector is currently facing a rise in the number of cyber security incidents. <\/p>\n

Continue reading Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[1312,1],"tags":[2832,2835,1069,2830,2834,143,2831,310,2833],"class_list":["post-6454","post","type-post","status-publish","format-standard","hentry","category-central-government","category-it-it-security","tag-cyber-essentials","tag-cyber-security-associates","tag-data","tag-data-breach","tag-gchq","tag-it","tag-national-cyber-security-centrencsc","tag-public-sector","tag-the-world-economic-forum","odd"],"yoast_head":"\nIs your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gpsj.co.uk\/?p=6454\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal\" \/>\n<meta property=\"og:description\" content=\"By Dave Woodfine, Co-founder and Managing Director at Cyber Security Associates Earlier this year, the World Economic Forum named cyber security failures as one of the biggest threats facing international governments and business, and the UK is no exception. The UK\u2019s public sector is currently facing a rise in the number of cyber security incidents. Continue reading Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gpsj.co.uk\/?p=6454\" \/>\n<meta property=\"og:site_name\" content=\"Government & Public Sector Journal\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-09T11:32:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-10T15:42:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg\" \/>\n<meta name=\"author\" content=\"The GPSJ Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"The GPSJ Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454\"},\"author\":{\"name\":\"The GPSJ Team\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/#\\\/schema\\\/person\\\/d54386f99736367ec2789825fed93b4a\"},\"headline\":\"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?\",\"datePublished\":\"2022-03-09T11:32:28+00:00\",\"dateModified\":\"2022-03-10T15:42:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454\"},\"wordCount\":862,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.gpsj.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg\",\"keywords\":[\"Cyber Essentials\",\"Cyber Security Associates\",\"Data\",\"Data Breach\",\"GCHQ\",\"IT\",\"National Cyber Security Centre(NCSC)\",\"public sector\",\"The World Economic Forum\"],\"articleSection\":[\"Central Government\",\"IT & IT Security\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454\",\"url\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454\",\"name\":\"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.gpsj.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg\",\"datePublished\":\"2022-03-09T11:32:28+00:00\",\"dateModified\":\"2022-03-10T15:42:09+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/#\\\/schema\\\/person\\\/d54386f99736367ec2789825fed93b4a\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#primaryimage\",\"url\":\"https:\\\/\\\/www.gpsj.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg\",\"contentUrl\":\"https:\\\/\\\/www.gpsj.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?p=6454#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.gpsj.co.uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/#website\",\"url\":\"https:\\\/\\\/www.gpsj.co.uk\\\/\",\"name\":\"Government & Public Sector Journal\",\"description\":\"Public Sector, Government, business, stories and news along with latest developments, research, thought leadership, strategy, policy and insights\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.gpsj.co.uk\\\/#\\\/schema\\\/person\\\/d54386f99736367ec2789825fed93b4a\",\"name\":\"The GPSJ Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g\",\"caption\":\"The GPSJ Team\"},\"sameAs\":[\"http:\\\/\\\/gpsj.co.uk\"],\"url\":\"https:\\\/\\\/www.gpsj.co.uk\\\/?author=3\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gpsj.co.uk\/?p=6454","og_locale":"en_GB","og_type":"article","og_title":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal","og_description":"By Dave Woodfine, Co-founder and Managing Director at Cyber Security Associates Earlier this year, the World Economic Forum named cyber security failures as one of the biggest threats facing international governments and business, and the UK is no exception. The UK\u2019s public sector is currently facing a rise in the number of cyber security incidents. Continue reading Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?","og_url":"https:\/\/www.gpsj.co.uk\/?p=6454","og_site_name":"Government & Public Sector Journal","article_published_time":"2022-03-09T11:32:28+00:00","article_modified_time":"2022-03-10T15:42:09+00:00","og_image":[{"url":"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg","type":"","width":"","height":""}],"author":"The GPSJ Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"The GPSJ Team","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.gpsj.co.uk\/?p=6454#article","isPartOf":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454"},"author":{"name":"The GPSJ Team","@id":"https:\/\/www.gpsj.co.uk\/#\/schema\/person\/d54386f99736367ec2789825fed93b4a"},"headline":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?","datePublished":"2022-03-09T11:32:28+00:00","dateModified":"2022-03-10T15:42:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454"},"wordCount":862,"commentCount":0,"image":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454#primaryimage"},"thumbnailUrl":"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg","keywords":["Cyber Essentials","Cyber Security Associates","Data","Data Breach","GCHQ","IT","National Cyber Security Centre(NCSC)","public sector","The World Economic Forum"],"articleSection":["Central Government","IT & IT Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.gpsj.co.uk\/?p=6454#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.gpsj.co.uk\/?p=6454","url":"https:\/\/www.gpsj.co.uk\/?p=6454","name":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme? - Government & Public Sector Journal","isPartOf":{"@id":"https:\/\/www.gpsj.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454#primaryimage"},"image":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454#primaryimage"},"thumbnailUrl":"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg","datePublished":"2022-03-09T11:32:28+00:00","dateModified":"2022-03-10T15:42:09+00:00","author":{"@id":"https:\/\/www.gpsj.co.uk\/#\/schema\/person\/d54386f99736367ec2789825fed93b4a"},"breadcrumb":{"@id":"https:\/\/www.gpsj.co.uk\/?p=6454#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gpsj.co.uk\/?p=6454"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gpsj.co.uk\/?p=6454#primaryimage","url":"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg","contentUrl":"https:\/\/www.gpsj.co.uk\/wp-content\/uploads\/2022\/03\/businessman-using-tablet-set-network-connection-1006041136-Copy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.gpsj.co.uk\/?p=6454#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.gpsj.co.uk\/"},{"@type":"ListItem","position":2,"name":"Is your department and supply chain ready for the changes to the Government\u2019s new cyber certification scheme?"}]},{"@type":"WebSite","@id":"https:\/\/www.gpsj.co.uk\/#website","url":"https:\/\/www.gpsj.co.uk\/","name":"Government & Public Sector Journal","description":"Public Sector, Government, business, stories and news along with latest developments, research, thought leadership, strategy, policy and insights","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gpsj.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gpsj.co.uk\/#\/schema\/person\/d54386f99736367ec2789825fed93b4a","name":"The GPSJ Team","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/13cdd73dc4abbd6e05b80a0562c7c553a9104ad2e5e96ee20afca2c462894143?s=96&d=blank&r=g","caption":"The GPSJ Team"},"sameAs":["http:\/\/gpsj.co.uk"],"url":"https:\/\/www.gpsj.co.uk\/?author=3"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/6454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6454"}],"version-history":[{"count":6,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/6454\/revisions"}],"predecessor-version":[{"id":6462,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/6454\/revisions\/6462"}],"wp:attachment":[{"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gpsj.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}