Logo Transparent

The Cyber Essentials Plus Scope

Device Scope

Devices and software are within the scope of the Cyber Essentials Plus assessment if they can:

  • Accept incoming network connections from untrusted internet connected hosts.
  • Establish user-initiated outbound connections to devices via the internet.
  • Control the flow of data between any of the above devices and the internet. 

• Servers
• Mobiles
• Thin Clients

…. are all within scope for of the Cyber Essentials Plus assessment.  

Wireless Devices Scope

Wireless devices are in scope if they can communicate with other devices via the internet. 

Wireless devices are not in scope if it is not possible for an attacker to attack the device directly from the internet (the Cyber Essentials Scheme is not concerned with attacks that can only be launched from within the signal range of the device). 

The wireless devices are not in scope if they’re part of an ISP router within a home location. 

Cloud Services Scope

Each cyber essentials control requirement needs to be applied to cloud services.

All Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) are within the scope of the Cyber Essentials Plus assessment.

BYOD Scope

Bring your own devices (BYOD) fall within the scope of a cyber essentials plus assessment if they are used to access organisational services including cloud services (excluding native voice, native text and MFA applications). 

The Cyber Essentials Plus Tests

A Cyber Essentials Plus Assessment Consists of 7 tests:

External Vulnerability Assessment

Internal Vulnerability Assessment

Malware Protection Assessment

Email Malware Protection Assessment

Web Malware Protection Assessment

Multi Factor Authentication Assessment

Account Separation Assesment

How to Start Your Assessment

Begin Your Cyber Essentials Plus Journey With a Free Consultation With a Key Sigma Technical Expert!

Shopping Cart