Home / Frameworks / Cyber Essentials

Cyber Essentials v3.2

UK NCSC Cyber Essentials certification - 5 technical controls to protect against common cyber attacks

This is a reference tool, not an authoritative source. For official documentation, visit www.ncsc.gov.uk.

Framework data extracted from the UK NCSC v3.2 Set Theory Relationship Mapping (STRM) files, licensed under Open Government Licence . Attribution required per license terms.

SCF Official Site License Terms

30 All

FW — Firewalls (7 requirements)

FW-01Firewall Protection

FW-02Change Default Passwords

FW-03Restrict Admin Interface Access

FW-04Block Unauthenticated Inbound

FW-05Document Firewall Rules

FW-06Remove Unnecessary Rules

FW-07Software Firewall on Untrusted Networks

MP — Malware Protection (3 requirements)

MP-01Malware Protection Mechanism

MP-02Anti-Malware Software Configuration

MP-03Application Allow Listing

SC — Secure Configuration (6 requirements)

SC-01Remove Unnecessary User Accounts

SC-02Change Default Passwords

SC-03Remove Unnecessary Software

SC-04Disable Auto-Run

SC-05Authenticate Users

SC-06Device Locking Controls

SUM — Security Update Management (4 requirements)

SUM-01Licensed and Supported Software

SUM-02Remove Unsupported Software

SUM-03Enable Automatic Updates

SUM-04Apply Critical Updates Within 14 Days

UAC — User Access Control (10 requirements)

UAC-01User Account Creation Process

UAC-02Unique User Credentials

UAC-03Remove Inactive Accounts

UAC-04Implement MFA

UAC-05Separate Admin Accounts

UAC-06Remove Special Access When Not Required

UAC-07Password Brute-Force Protection

UAC-08Password Quality Requirements

UAC-09Password Management Support

UAC-10Compromised Password Process