The five technical controls that form the foundation of UK cyber security compliance.
Cyber Essentials is a UK Government-backed scheme that defines a baseline set of technical controls every organisation should have in place. Understanding and applying these five controls significantly reduces exposure to the most common cyber threats.
Boundary firewalls and internet gateways prevent unauthorised access to or from private networks. Properly configured firewalls block unnecessary inbound and outbound traffic based on defined rules.
Ensuring systems are configured to minimise vulnerabilities — removing unnecessary software, changing default credentials, and disabling features and services that aren't required for business use.
Limiting user privileges to only what is needed for their role: standard user accounts for day-to-day tasks, administrator accounts used only when strictly necessary, and regular reviews of access rights.
Protecting devices against malware through up-to-date antivirus software, application whitelisting, or sandboxing — preventing malicious code from executing and spreading across systems.
Keeping software and operating systems up to date by applying security patches promptly. Unpatched systems are one of the most common entry points for attackers — timely patching closes known vulnerabilities.
Cyber Essentials certification demonstrates a commitment to baseline security hygiene. It is required for certain UK government contracts and provides a clear, auditable framework for reducing common cyber risk.
Academic projects covering Cyber Essentials and broader cybersecurity frameworks.