Cyber Essentials

Cyber Essentials Plus は、英国政府が支援し業界がサポートする英国発の認定スキーム。

英国National Cyber Security Center にCyber Essentialsについて解説されている。認定された企業名が検索できます。

 以下の5項目についてチェックリストに答える形で認定される。

FIVE TECHNICAL CONTROLS

1. Use a firewall to secure your internet connection
2. Choose the most secure settings for your devices and software
3. Control who has access to your data and services
4. Protect yourself from viruses and other malware
5. Keep your devices and software up to date
>関連する25項目のチェックリスト

 さらに、第三者認証により認定する仕組みもCyber Essential Plusとして運用されています。

【参考】AWSの説明(Cyber Essentials Plus)

【参考】マイクロソフト(Azure)の対応、解説「英国サイバーの Essentials PLUS」

Cyber Essentials checklist

  1. Use a firewall to secure your internet connection
    1. ☐ understand what a firewall is
    2. ☐ understand the difference between a personal and a boundary firewall
    3. ☐ locate the firewall which comes with your operating system and turn it on
    4. ☐ find out if your router has a boundary firewall function. Turn it on if it does
  2. Choose the most secure settings for your devices and software
    1. ☐ know what ‘configuration’ means
    2. ☐ find the Settings of your device and try to turn off a function that you don’t need
    3. ☐ find the Settings of a piece of software you regularly use and try to turn off a function that you don’t need
    4. ☐ read the NCSC guidance on passwords
    5. ☐ make sure you’re still happy with your passwords
    6. ☐ read up about two-factor authentication
  3. Control who has access to your data and services
    1. ☐ read up on accounts and permissions
    2. ☐ understand the concept of ‘least privilege
    3. ☐ know who has administrative privileges on your machine
    4. ☐ know what counts as an administrative task
    5. ☐ set up a minimal user account on one of your devices
  4. Protect yourself from viruses and other malware
    1. ☐ know what malware is and how it can get onto your devices
    2. identify three ways to protect against malware
    3. ☐ read up about anti-virus applications
    4. ☐ install an anti-virus application on one of your devices and test for viruses
    5. ☐ research secure places to buy apps, such as Google Play and Apple App Store
    6. ☐ understand what a ‘sandbox’ is
  5. Keep your devices and software up to date
    1. ☐ know what ‘patching’ is
    2. verify that the operating systems on all of your devices are set to ‘Automatic Update’
    3. ☐ try to set a piece of software that you regularly use to ‘Automatic update’
    4. ☐ list all the software you have which is no longer supported

 英国National Cyber Security Center にCyber Essentialsより

« Back to Glossary Index

前の記事

whitelisting

次の記事

Essential Eight