Cyber Essentials Rules Have Been Updated

Posted: 9th Mar 2022
Cyber Essentials technical requirements have changed. Are you prepared for what the changes mean for your organisation?

Do you know the Government has released new Cyber Essentials rules?

The new version of the Cyber Essentials technical requirements was released on 24 January 2022. Any assessments beginning after this date will be certified to the new standard.

This change represents very important updates to reflect home / hybrid working, cloud IT services and MFA in particular.

So anyone wishing to renew or apply for Cyber Essentials will be required to satisfy the new standards and adhere to the new definitions (e.g. there is a new “servers” definition).

So What's New?

  • Added a home working requirement and information on how this is to be included in the scope of certifications.
  • All cloud services are now in scope, added definitions and a shared responsibility table to assist with this.
  • Extended the multi-factor authentication requirement in relation to cloud services.
  • Updated the password-based authentication requirement and added a new section on multi-factor authentication. This requirement has also been moved to the ‘user access’ control.
  • Thin clients are now in scope and added to the ‘devices’ definition.
  • Added a new device unlocking requirement to the ‘secure configuration’ control.
  • Added a new statement clarifying the inclusion of end user devices in the scope of certifications.
  • Further information on unsupported applications added to the ‘security update management’ control.
  • Removed specific ‘email, web, and application servers’ from control definitions and replaced with ‘servers’.
  • Updated the bring your own device (BYOD) section.
  • Updated the wireless devices section.
  • Added a new ‘servers’ definition.
  • Added a new ‘sub-set’ definition and information on its impact on the scope.
  • Added a new ‘licensed and supported’ definition.

Need Help With Cyber Essentials?

As trusted IT partners we will be guiding our clients through the new regulations and requirements to ensure their CE certificates are valid.

Additionally, we have launched our new Cyber Audit X solution to better guard clients against cyber security threats.

If you would like guidance on the Cyber Essentials changes and wish to work with an IT provider that values your security as much as you do, please get in touch and see how Atlas Cloud can help.

Andy Lewis - Managed Services Sales Manager
Andy Lewis
Atlas Cloud


Our Managed Service Sales Manager, Andy Lewis, has years of experience helping organisations use technology to tackle challenges like cashflow, productivity/turnaround times, security, M&A, Cyber Essentials certification and more.

About The Author

Andy has extensive managed services experience with vast knowledge of the legal sector in particular. When he’s not crafting solutions that are perfectly aligned to customer goals, he can be found supporting his beloved Liverpool.

New Research

Our recent, nationwide research shows what can be learnt from working during lockdown. Download the report today.

Sign up to newsletter?*
Privacy Notice: We won’t sign you up to any marketing mailing lists (unless you ask us to*) but we may email you to make sure you have been able to access the content successfully. View our privacy policy.