Cyber Essentials Pathways

Cyber Essentials Pathways (ncsc.gov.uk, )

rw-book-cover

Author: ncsc.gov.uk
Full Title: Cyber Essentials Pathways
Category: #articles
Document Note: NCSC are developing an alternative route for companies to achieve CyberEssentials certification where the prescriptive nature of CE controls is impossible to match to the organisation, through demonstration of achieving the same security outcomes. As of April 2024 moving to proof of concept.
Document Tags: cybersecurity
Summary: For large, complex firms struggling with the prescriptiveness of Cyber Essentials, ‘Pathways’ will provide a new route to certification.
URL: https://www.ncsc.gov.uk/blog-post/pathways-achieve-cyber-essentials-certification

That was the genesis of our ‘Cyber Essentials Pathways’ experiment; to explore how organisations could gain a Cyber Essentials Certificate by demonstrating they were achieving the same overall outcome, rather than by implementing the individual security controls. (View Highlight)
the vast majority of organisations will continue to follow the existing routes. Pathways will be a complementary solution for complex use cases, when the security controls cannot be evidenced. (View Highlight)
Cyber Essentials is based on what we term a ‘commodity capability’ threat model, equating to ‘Intermediate’ in the STIX Threat Actor Sophistication Definitions. (View Highlight)
The Pathways approach also needs more skilled and experienced practitioners to carry out the testing. Inevitably this will lead to higher costs for this type of assessment. (View Highlight)
The results of the Pathways experiment have been really positive. It has taken a little longer than we first thought, but we wanted to ensure we had built a good evidence base on the efficacy of the approach and that any future service could be delivered in a consistent way by multiple organisations. We’ve still got more work to do on the latter but a follow-up Blog by Anne W will give more details as we now move to a wider Proof of Concept. (View Highlight)

rw-book-cover

Author: ncsc.gov.uk
Full Title: Cyber Essentials Pathways
Category: #articles
Document Note: NCSC are developing an alternative route for companies to achieve CyberEssentials certification where the prescriptive nature of CE controls is impossible to match to the organisation, through demonstration of achieving the same security outcomes. As of April 2024 moving to proof of concept.
Document Tags: cybersecurity
Summary: For large, complex firms struggling with the prescriptiveness of Cyber Essentials, ‘Pathways’ will provide a new route to certification.
URL: https://www.ncsc.gov.uk/blog-post/pathways-achieve-cyber-essentials-certification

That was the genesis of our ‘Cyber Essentials Pathways’ experiment; to explore how organisations could gain a Cyber Essentials Certificate by demonstrating they were achieving the same overall outcome, rather than by implementing the individual security controls. (View Highlight)
the vast majority of organisations will continue to follow the existing routes. Pathways will be a complementary solution for complex use cases, when the security controls cannot be evidenced. (View Highlight)
Cyber Essentials is based on what we term a ‘commodity capability’ threat model, equating to ‘Intermediate’ in the STIX Threat Actor Sophistication Definitions. (View Highlight)
The Pathways approach also needs more skilled and experienced practitioners to carry out the testing. Inevitably this will lead to higher costs for this type of assessment. (View Highlight)
The results of the Pathways experiment have been really positive. It has taken a little longer than we first thought, but we wanted to ensure we had built a good evidence base on the efficacy of the approach and that any future service could be delivered in a consistent way by multiple organisations. We’ve still got more work to do on the latter but a follow-up Blog by Anne W will give more details as we now move to a wider Proof of Concept. (View Highlight)