A framework for cyber security published by the UK's [[National Cyber Security Centre|NCSC]]. The controls it describes are simple, but should increase the baseline for security for all organisations.

Cyber Essentials is self-certified, while Cyber Essentials Plus requires certification from a recognised body. The certificate is valid for 12 months.

Cyber Essentials only covers devices connected to the [[Internet]], and so is significantly more limited than [[NIST Cyber Security Framework]] and [[ISO 27001]]. It's also not risk-based: it just lays out a binary set of [[control|security controls]]. They are:

1. [[firewall]]
2. Secure configuration
3. [[access control]]
4. [[malware]] protection
5. security update management

These controls are all [[control#Preventive|preventive]].