Cyber Essentials is five technical controls you have to implement and prove. AiVigil builds those controls into your everyday IT — so UK businesses certify, win tenders, and stay certified without the annual panic.
The UK government-backed scheme is built around five technical controls. Get these right and you're protected against the most common attacks — and ready to certify.
Properly configured boundary and device firewalls between your network and the internet, with default passwords changed and only the necessary services exposed.
Devices and software set up to reduce vulnerabilities — removing unused accounts and software, disabling unnecessary features, and changing default settings.
Unique accounts, least-privilege access, multi-factor authentication, and a process for granting and removing access — so admin rights aren't handed out by default.
Anti-malware or application allow-listing on devices that access the internet, kept active and up to date.
Operating systems and software kept supported and patched promptly — with unsupported software removed before it becomes a way in.
Most failed assessments aren't caused by anything sophisticated: they're the five controls drifting out of date while the business gets on with work.
A laptop or server running software that's months behind on updates — or no longer supported at all.
Routers, firewalls and devices still on default passwords and settings out of the box.
Day-to-day accounts with local admin, so one phishing click can compromise the whole device.
Cloud and email accounts without multi-factor authentication, which the scheme now expects.
Personal phones and laptops touching company data with none of the five controls applied.
Nobody can say with confidence which devices are in scope — so the assessment stalls before it starts.
We harden boundary and device firewalls, change defaults and lock down configuration across every in-scope device.
Unique logins, least-privilege access and MFA everywhere — with admin rights granted only where they're needed.
Managed anti-malware or allow-listing on every internet-facing device, kept active and current.
Automated patching and a process to retire unsupported software before it fails an assessment.
An accurate asset inventory and the evidence each control needs — organised year-round, not reconstructed.
We prepare you for self-assessment or the Cyber Essentials Plus audit, and sit with you through it.
A plain-English self-assessment of the five Cyber Essentials controls, so UK businesses can spot their gaps before the assessor does.
Cyber Essentials isn't a bolt-on for us — firewalls, secure configuration, access control, malware protection and patching are the baseline of how AiVigil runs your IT.
The basics
Cyber Essentials is a UK government-backed scheme that helps organisations protect against the most common cyber attacks. It's built around five technical controls. The basic level is self-assessed; Cyber Essentials Plus adds an independent technical audit.
Both cover the same five controls. Cyber Essentials is a verified self-assessment, while Cyber Essentials Plus adds a hands-on technical audit of your systems by an assessor. We prepare you for either, so the audit finds your controls already in place.
Why it matters
Many UK central-government contracts that handle certain sensitive or personal information require suppliers to hold Cyber Essentials. Even where it isn't mandatory, it's increasingly expected in tenders and supplier security questionnaires.
Keeping it
Cyber Essentials certification lasts twelve months, so you recertify annually. We keep the five controls maintained and the evidence current year-round, so recertification is routine rather than a scramble.
Book a free IT & security risk assessment for your UK business and we'll map the five controls to your environment, gap by gap.