Cyber Essentials is a simple but effective, UK government-backed scheme that will help you to protect your organization, whatever its size, against a whole range of the most common cyber attacks. Its controls provide guidance on the basics that can be done to prevent the most common attacks. In doing so, it’s possible to avoid being seen as a low-hanging fruit by attackers looking for minimal-effort opportunities.
Cyber Essentials certification comes in 2 flavours: the basic Cyber Essentials certification, and the enhanced Cyber Essentials Plus. The non-plus version requires an organization to complete a self-assessment (though you are required to provide evidence as to your responses), whereas the Plus variant requires the same basic self assessment, which then goes through a hands-on technical validation by an assessor from the IASME consortium. There are no extra controls required for Plus certification, only the validation method differs.
If you would like to bid for UK central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification. In doing this, the UK Government aims to reduce risk throughout it’s supply chain.
Cyber Essentials provides guidance that can be broken down into 5 technical control themes:
The process of checking for compliance within your VMware environments can be arduous and costly, and any kind of manual checks are subject to human error, so it is important to automate as much as possible.
Runecast is a patented enterprise IT platform that provides IT ops and security teams one platform for configuration monitoring, vulnerability management, security compliance, remediation, upgrade planning and reporting.
Runecast Analyzer automates the process of checking VMware vSphere resources for compliance against the Cyber Essentials standard – over 20 cross-referenced checks. Each finding maps to a specific Cyber Essentials technical control theme, and as with all other standards covered within Runecast Analyzer, we show the details not only of all of the impacted objects, but also both the wording from the standard and a technical translation, as well as details of how to manually audit the finding and remediate any non-compliances.
With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It allows you to get immediate visibility into risks and non-compliances inherent in your environment, allowing you to identify gaps between where you are and a fully compliant state, and also show as soon as any objects move out of compliance.
The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!
Run it... you will be amazed by the findings. We always think that a lot of applications are secure by nature and by how they’ve been designed, but after deploying Runecast you really understand the gaps that you might have in your environment and it’s definitely an eye-opener.
Vice President - Infrastructure & Security at Oman Airports
