UK Government

Cyber Essentials — UK Baseline Security Certification

Required for UK government contracts. 5 control themes, ~25 controls. The fastest framework to certify — start here, expand later to ISO 27001 and AI governance.

Get Started Book a Demo

~25Controls

5Control Themes

2Certification Levels

What is Cyber Essentials?

Cyber Essentials is the UK government-backed certification scheme designed to help organisations protect themselves against the most common cyber attacks. It is mandatory for organisations bidding on UK government contracts involving the handling of sensitive information.

The scheme covers 5 control themes: Firewalls, Secure Configuration, User Access Control, Malware Protection, and Security Update Management. There are two levels: Cyber Essentials (self-assessment) and Cyber Essentials Plus (independently verified).

Cyber Essentials is designed to be achievable by organisations of all sizes, making it the ideal starting point for a broader compliance programme. Many organisations begin with Cyber Essentials and progress to ISO 27001 — Norivo supports this journey with clear upgrade paths and overlap mapping.

Cyber Essentials certification from £300 + assessment. Norivo manages the process and provides a clear upgrade path to ISO 27001 and AI governance.

Why Norivo for Cyber Essentials?

Fastest Certification

Cyber Essentials is the quickest framework to certify. Norivo's guided workflow gets you assessment-ready in days, not weeks.

Clear Upgrade Path

Start with Cyber Essentials, then expand to ISO 27001 and AI governance. Norivo maps the progression with zero duplicate work.

Self-Assessment Automation

Nora pre-fills your Cyber Essentials self-assessment questionnaire based on evidence already collected from your integrations.

Key Requirements

Firewalls and internet gateways

Boundary firewalls and default configuration

Secure configuration of devices and software

Removal of unnecessary software and services

User access control and privilege management

Administrative account controls

Password-based authentication policies

Multi-factor authentication (where applicable)

Malware protection measures

Application whitelisting or sandboxing

Security update management and patching

Automatic update configuration

How Norivo Helps

Scope your certification

Define which systems and networks are in scope. Norivo's wizard helps you determine the right boundary for certification.

Assess your 5 control themes

Guided assessment against all 5 themes. Norivo identifies gaps and provides remediation steps for each control.

Collect evidence automatically

Integrations with your security tools auto-collect evidence for firewalls, patching, access control, and more.

Complete self-assessment

Nora pre-fills your Cyber Essentials questionnaire. Review, submit for certification, and plan your ISO 27001 upgrade path.

Get Cyber Essentials Compliant

Get set up by our team in under 48 hours.