The following checklist applies to both Cyber Essentials and Cyber Essentials Plus requirements, the difference being that with the latter a technical expert conducts a vulnerability scan and remote audit of your IT systems, including a representative set of user devices, all Internet gateways and all servers with services accessible to unauthenticated Internet users.
The questions that will need to be answered include:
- Ensure all your operating systems are still being supported by the manufacturer (including mobile phones, servers, tablets etc.)
- Apply all operating systems’ security patches within the 14-day time period.
- If you are using the Office suite, it must be on a supported version with all the security patches applied.
- Ensure the anti-malware agent is up to date and functional.
- Update the web browser to the latest version, or at least apply the latest version with a patch for a high-risk or critical vulnerability.
- Disable auto-run and ensure you have a process for new starters and leavers and providing role-based access control.
- Ensuring administrator accounts are not used for non-administrative tasks.
- Ensure all default passwords are changed on the firewall, on the systems and ensure they are changed to a secure password.
- Ensure all unnecessary applications are removed. This can either be achieved with a ‘gold image’ or manual removal of relevant software.
- Ensure all the software you are running is supported and up to date.
This was a useful information gathering exercise for us.
Do you know where your greatest vulnerabilities sit?
Find out through a Cyber Security Headline Assessment
Find out more
related BLog
Understanding Defence Cyber Certification (DCC)
Published on
29 May
2026
URM’s blog explains how the DCC works, who needs it, the benefits of certification, with clear guidance on how to approach compliance and avoid common mistakes.
Read more
Cyber Security
Published on
22/5/2026
Cyber Security and the Board: The UK Cyber Resilience Pledge in FocusURM’s blog explains the purpose, structure and content of the Government’s new Cyber Resilience Pledge, and what it means for organisations across the UK.
Read more
Cyber Security
Published on
16/4/2026
Mitigating Cyber Risks: Why Cyber Essentials Matters More Than EverURM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.
Read more
Cyber Security
Published on
16/4/2026
Cyber Essentials Requirements UpdateURM’s blog breaks down the latest changes to the Cyber Essentials requirements and outlines why these updates matter for organisations seeking certification.
Read more
"
I know many Cyber Essentials providers are rigid to the point of not understanding the goal of CE, but we haven’t found that with URM. We are extremely happy with the service we’ve received – our Cyber Essentials recertifications are always painless and straightforward. The different assessors we’ve had have all been great and pitch to the right level, as well as having an extremely strong knowledge of the subject matter. The account management side is also excellent. Our Account Manager checks in with us on a regular basis, and is very approachable and credible, with a comprehensive understanding of Cyber Essentials.
CISO at University of Surrey
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.