Cyber Essentials is a UK government-backed cybersecurity certification scheme designed to help organisations protect themselves against the most common cyber attacks. Venvera covers the full CE lifecycle:
- Scope & Context — Define your organisation boundary, in-scope systems, cloud services, and certification level
- Requirements — Browse the official CE v3.1 technical control requirements across all 5 themes
- Controls — Implement and track controls mapped to the 5 CE themes
- Gap Assessment — Evaluate your readiness with a scored questionnaire across all themes
- Evidence — Collect and organise evidence artifacts (configs, screenshots, documents, certificates)
- Audits — Track internal reviews and CE assessor engagements
- Management Reviews — Record management review meetings with inputs, decisions, and action items
- CE Plus — Vulnerability scanning and penetration testing for CE Plus certification
- Readiness & Certification — Track certification status, milestones, and expiry dates
The 5 Technical Control Themes
Cyber Essentials is built around 5 core technical control themes that protect against the most common internet-based threats:
| Theme | Purpose |
|---|---|
| Firewalls & Internet Gateways | Protect the boundary between your internal network and the internet. Ensure default-deny rules, restricted admin access, and host-based firewalls. |
| Secure Configuration | Ensure devices and software are securely configured — remove defaults, disable unnecessary services, enforce lockout policies. |
| Access Control | Ensure only authorised individuals access systems — least privilege, unique accounts, MFA for cloud services, password policies. |
| Malware Protection | Protect against malware with anti-malware solutions, auto-updates, real-time scanning, and application control. |
| Security Update Management | Keep software patched — use supported software, apply critical patches within 14 days, monitor patch levels. |
CE Basic vs CE Plus
There are two levels of Cyber Essentials certification:
| Level | How it works |
|---|---|
| CE Basic | Self-assessment questionnaire verified by an accredited certification body. You answer questions about your controls and submit evidence. |
| CE Plus | Everything in CE Basic plus hands-on technical verification: external vulnerability scanning, internal vulnerability assessment, and configuration review by an assessor. |
Cyber Essentials certification is valid for 12 months. You must re-certify annually. Venvera tracks your certification date and expiry to help you plan recertification in time.