Vulnerability testing for Cyber Essentials Plus Certification
Organisations seeking certification to Cyber Essentials Plus require a series of internal and external vulnerability tests.
The internal tests can be described as an authenticated internal scan and a test of the security and anti-malware configuration of each device type/build.
The internal scan checks patch levels and system configurations, while the security and anti-malware test ensures that the organisation’s systems are resistant to malicious email attachments and web-downloadable binaries. As the tests are internal, they will be performed remotely or on-site by a qualified tester.
The external scan will also check patch levels and system configurations, but for the public-facing infrastructure. As the tests are external, they are performed offsite and reviewed by a qualified tester.
The following internal tests are required for Cyber Essentials Plus:
- Inbound email binaries and payloads.
- Browser malicious and non-malicious file download test.
- Authenticated vulnerability and patch verification scan.
- Account separation to confirm standard users do not have administrative privileges.
- Multi-factor authentication check.
The following external tests are required for Cyber Essentials Plus:
- Unauthenticated vulnerability and patch verification scan.
Cyber Essentials Plus results
After completing the tests, we will provide feedback stating the outcomes and explaining what actions, if any, should be taken to eliminate any risks or vulnerabilities.
Repeat testing
If the internal and/or external vulnerability tests result in a fail, we will provide a list of corrective actions to take before the tests are repeated and a certificate can be awarded. Any repeat testing will be billed separately and must be completed within one month of the original tests.
Secure your organisation with Cyber Essentials
With IT Governance, you can complete the entire certification process quickly and easily, as we are licensed to deliver both Cyber Essentials and Cyber Essentials Plus services.