Share this article

Cyber Essentials logoIntroduction.

If you’re renewing your Cyber Essentials certification for your business, you’ll need to know about the latest updates to the scheme.

According to the NCSC, these changes emphasise and clarify key aspects of Cyber Essentials certification. Instead of adding new requirements, they ensure existing guidance and definitions aren’t misinterpreted. These updates came into force on 24 April 2023. So anyone renewing their certification must follow the new guidelines and questions.

Here’s our quickfire guide to the changes.

If you’re getting started with Cyber Essentials, take a look at our previous blog explaining what Cyber Essentials involves and how it helps your business.

What’s new for Cyber Essentials in 2023?

The latest Cyber Essentials updates are part of regular reviews into the scheme’s effectiveness. They ensure it continues helping businesses defend against evolving cyber threats.

The changes stem from assessor and business feedback, alongside input from technical experts from the NCSC.

As well as changes to language and structure, updates include:

User Devices.

Every user device within the scope of Cyber Essentials certification only needs the make and operating system listed. You don’t have to list the device model anymore. This change applies to the self-assessment questions.

Software and Firmware.

There’s an updated definition of “software” to clarify what’s in scope. All firmware is included in “software”, meaning it has to be kept up-to-date and fully supported. For firewalls and routers, you just need to list the make and model (not the operating system version, as this information is often difficult to find).

Third-Party Devices.

There’s more information on third-party devices as well as clarification on how these devices (for instance student or contractor devices) should be managed.

Device Unlocking.

Updates reflecting that some device configurations can’t be altered due to manufacturer restrictions. For instance, a device locks after a certain number of login attempts. In these cases, using unalterable default settings is acceptable.

Malware Protection.

Dropping requirements for anti-malware software to be signature-based”. There’s clarification on which mechanisms are best for specific devices, with sandboxing removed as a possibility.

Zero Trust Security.

New guidance on the importance of asset management and using a Zero Trust model. Extra information on how this impacts Cyber Essentials certification.

Cyber Essentials Plus.

Updates to the Cyber Essentials Plus “Illustrative Test Specification Document to reflect the changes above. The most important changes are an updated and simplified set of Malware Protection tests.

BYOD Guidance.

Links added to the NCSC’s BYOD guidance (that’s “Bring Your Own Device”), helping employees use their own phones, laptops and tablets to conduct work and access data.

For more details on these changes, check out the latest Cyber Essentials news from the NCSC.


There’s also further guidance from IASME to help businesses through the Cyber Essentials certification process. This includes new question explanations and an in-depth knowledge base.

Thank you for reading our latest article. 

We hope that you found the above article helpful and you now fully understand the latest updates that have been applied to the Cyber Essentials Scheme. However, if you have any further questions or queries, then don’t hesitate to call us on 020 3963 5533 and one of our team will be happy to help! 

Do you need help with becoming Cyber Essentials Certified?  

Our in-house Cyber Security experts have helped businesses of all types and sizes become Cyber Essentials and Cyber Essentials Plus certified by taking full ownership of the certification and renewal process. To discuss your requirements in further detail, call 020 3963 5533 and speak directly to one of our Cyber Security consultants today, or provide more information about your requirements on one of our many online contact forms. We look forward to hearing from you today.  

Share this article

Tell us more about your IT support requirements…

If you are looking for professional IT support then complete the following form below. An account manager will then contact you to discuss your requirements in further detail.

OhSo Technical will use the information you provide on this form to provide you with updates and marketing. By selecting the boxes below, you confirm your acceptance to receive marketing communications from OhSo Technical.