Advertisement
General Atomics LB

News

Articles

Information

Resources

Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC extends Cyber Essentials technical controls certification grace period

Security

NCSC extends Cyber Essentials technical controls certification grace period

Posted 7 December 2022
The National Cyber Security Centre (NCSC) has extended the 2022 technical controls certification grace period date for Cyber Essentials - the government-backed, industry supported scheme helping organisations protect themselves against cyber attacks - from the end of January to April 2023.

Image courtesy NSCS

In January, the NCSC announced an update of the Cyber Essentials technical controls. This move was part of a regular review of the scheme to ensure it keeps evolving as the threat landscape and technologies change.

That update was the biggest overhaul of the scheme’s technical controls since its launch in 2014. For this reason, NCSC recognised that some organisations might need to make extra efforts when assessed against the new standards and so offered a grace period of up to 12 months for three of the requirements:

Advertisement
ODU RT
  • any thin clients included in the scope of certification must be supported and receiving security updates
  • all unsupported software is either removed or segregated from scope via a sub-set
  • all user accounts on cloud services are protected by multi-factor authentication (MFA)

This grace period was due to end in January. However, the decision has now been made to extend this grace period for a further three months until April 2023. This will coincide with the next, light touch, update to Cyber Essentials’ technical requirements.

The April 2023 update to the Cyber Essentials technical requirements will focus largely on a series of clarifications. It will, however, also include important new guidance:

  • Clarification on firmware – All firmware is currently included in the definition of ‘software’, so must be kept up to date and supported. Due to difficulties with information provided by vendors, this is changing to just router and firewall firmware.
  • Third party devices – Further information and a new table clarifying how third-party devices such as contractor or student devices should be treated in applications.
  • Device unlocking – A change in this section to mitigate issues around some default settings in devices being unconfigurable. Where that is the case, it is acceptable for applicants to use those default settings.
  • Malware protection – Anti-malware software will no longer need to be signature based and clarification has been added around which mechanism is suitable for different types of devices. Sandboxing is being removed as an option.
  • Guidance on zero trust architecture in the context of achieving Cyber Essentials and a note on the importance of asset management.
Advertisement
ODU RT

NCSC will aim to announce the full update of the requirements in January, ahead of the go-live in April 2023.

 

 

Advertisement
FIA2026 animated banner
Optera funding fuels UK hub for space domain awareness

Defence Security Space

Optera funding fuels UK hub for space domain awareness

15 June 2026

Optera, a neuromorphic sensing company delivering next-generation space domain awareness (SDA), has raised £3 million to establish and scale its UK headquarters and engineering team.

BAE Systems and NEC sign MoU to strengthen Japan

Security

BAE Systems and NEC sign MoU to strengthen Japan's cyber defence

15 June 2026

BAE Systems and NEC Corporation have signed a Memorandum of Understanding (MoU) to combine expertise for the implementation of active cyber defence (ACD) solutions for the Japanese Government.

Lightfoot International joins Nordic Climate Group in UK

Defence Security

Lightfoot International joins Nordic Climate Group in UK

11 June 2026

Nordic Climate Group has acquired Lightfoot International, a specialist provider of cooling solutions for defence and industrial applications.

SIA publishes new strategic plan

Security

SIA publishes new strategic plan

11 June 2026

The SIA has published its new three year Strategic Plan 2026-29, covering its upcoming expanded remit, as well as its Business Plan 2026-27, focusing on delivery over the next year.

Advertisement
ODU RT
PoliceAI to speed up investigations and crimefighting

Security

PoliceAI to speed up investigations and crimefighting

10 June 2026

Officers across England and Wales will spend less time behind desks and more time protecting their communities, as the government today launches PoliceAI – a new national centre dedicated to the responsible development, piloting and scaling of artificial intelligence in policing.

Smith Detection

Aerospace Security

Smith Detection's SDX 10080 SCT receives UK DfT approval

10 June 2026

Smiths Detection announced today that its SDX 10080 SCT has received UK Department for Transport (DfT) approval for deployment across UK airports and cargo operators for hold baggage and air cargo screening.

Advertisement
ODU RT
Advertisement
General Atomics LB

News

Articles

Information

Resources

© 2026 Advance - All rights reserved

Website by Silkstream

The views expressed are not necessarily those of ADS or its members. No responsibility or liability is accepted by ADS, the editorial team or the publisher for any loss occasioned to any person, legal or physical, acting or refraining from action as a result of any statement, fact, figure, expression of opinion or belief contained within this site.

Advertisement
FIA2026 animated banner