The Cyber Essentials Plus Scope
Devices and software are within the scope of the Cyber Essentials Plus assessment if they can:
- Accept incoming network connections from untrusted internet connected hosts.
- Establish user-initiated outbound connections to devices via the internet.
- Control the flow of data between any of the above devices and the internet.
Wireless Devices Scope
Wireless devices are in scope if they can communicate with other devices via the internet.
Wireless devices are not in scope if it is not possible for an attacker to attack the device directly from the internet (the Cyber Essentials Scheme is not concerned with attacks that can only be launched from within the signal range of the device).
The wireless devices are not in scope if they’re part of an ISP router within a home location.