UK
Cyber Essentials
Cyber Essentials
Willow (2025)
5 controls · 1 domain
About this framework
Cyber Essentials is a UK government-backed scheme covering five basic technical controls that stop most common attacks. It's a self-assessed certification designed to be achievable for organisations of any size.
Who needs this
For UK organisations wanting a recognised baseline, often required to bid for government contracts.
Cross-framework coverage
Controls in Cyber Essentials also cover:
CIS Controls 7 shared
Cyber Essentials Plus 7 shared
NCA ECC-2 7 shared
Qatar NIA 7 shared
UAE IA 7 shared
See how Cyber Essentials connects to the rest → the Security Universe
Control domains
technical · Five Technical Controls 5
CE.1
Firewalls
Boundary firewalls and internet gateways configured to control inbound and outbound network traffic; default-deny, no unnecessary open ports, admin interfaces not exposed to the internet.
CE.2
Secure Configuration
Devices and software configured to reduce inherent vulnerabilities: remove or disable unused accounts and software, change default passwords, and apply hardened settings.
CE.3
Security Update Management
Operating systems and applications kept in support and patched; high/critical updates applied within 14 days; auto-update enabled where possible.
CE.4
User Access Control
Accounts provisioned least-privilege, unique per user, administrative privileges controlled and separated; access removed promptly when no longer required; MFA on cloud/admin where available.
CE.5
Malware Protection
Anti-malware, application allow-listing, or sandboxing in place and kept up to date to prevent execution of malicious code.
Ready to assess against Cyber Essentials?
Start free trial →