The CE Plus page tracks the additional technical testing required for Cyber Essentials Plus certification.
Scan types
| Type | What it covers |
|---|---|
| External Vulnerability Scan | Scanning internet-facing services for known vulnerabilities, misconfigurations, and exposed services. |
| Internal Vulnerability Scan | Scanning internal network segments for unpatched software, misconfigurations, and lateral movement risks. |
| Configuration Review | Assessor-led review of device configurations against CE requirements and CIS benchmarks. |
Tracking results
For each scan, record the tool used, scan date, and severity breakdown (Critical, High, Medium, Low). Link to the full report for assessor review.
Critical and high vulnerabilities found during CE Plus testing must be remediated before certification can be granted. Plan remediation time into your certification timeline.