Cyber Essentials Update: New technical controls announced & IASME Maritime Cyber Baseline Scheme
The NCSC and IASME have announced an updated set of requirements for Cyber Essentials for the new year. This update (the biggest overhaul of the scheme’s technical controls since it was launched in 2014) has been made in response to the ongoing cyber security challenges that companies are facing.
The additional risks brought about by the adoption of cloud-based services and rapid digital transformation has been compounded by the shift to a more hybrid workforce and increased home-working. The refreshed Cyber Essentials requirements reflect these changes and signal a more regular review of the scheme’s technical controls.
After a major technical review of the scheme, the NCSC and IASME have updated the requirements that help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain.
These changes include:
Revisions around cloud services and home-working
Improved alignment with Cyber Aware.
These changes are based on feedback from assessors and applicants, as well as consultation with the Cloud Industry Forum.
The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from 24th January 2022.
The new requirements document and new question set are now available on the IASME website. Additional advice and guidance coming soon, with an update to the Cyber Essentials Readiness Tool also rolling out by the 24th of January.
The IASME Maritime Cyber Baseline scheme launched
Supported by The Royal Institution of Naval Architects (RINA), the IASME Maritime Cyber Baseline scheme launched in November will help vessel owners and shipping operators to improve their cyber security and align with the IMO Maritime Cyber Risk Management guidelines.
Open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels. Provides an affordable and practical way for operators and owners to improve their cyber security to counter emerging threats and to reduce the likelihood of a cyber-attack disrupting their day-to-day operations. The scheme has been developed in partnership with maritime experts Infosec Partners.
The IASME Maritime Cyber Baseline scheme enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has suitable cyber security controls and processes in place. They can demonstrate compliance through an IASME Maritime Cyber Baseline digital certificate that can be displayed on board a vessel and in any business communications.
How does the scheme work?
The scheme is focused on a set of core security controls that have maximum impact on cyber security and give the best return on the effort and investment in their implementation. It has two stages of assurance:
Verified self-assessment = basic level of assurance
Audited = higher level of assurance
The controls that must be put in place on board are the same for both levels of assurance.
The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.
The audited stage involves a review of systems, processes and verifying the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification.
If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to demonstrate continued compliance.
Smaller vessels under 500 gwt are required to complete the verified self-assessment stage only to achieve certification. The cost is £750 + VAT
All vessels of 500 gwt or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification. The cost is £1950 +VAT
For more information about the scheme visit IASME.