Cyber Essentials Plus Patch Management Requirement

Let's take a look at the patch management technical control required to pass Cyber Essentials Plus

Written by: David Henderson on Jan 05, 2023

Cyber Essentials Plus is a certification scheme developed by the UK Government to help organisations safeguard against common cyber threats. It builds upon the basic Cyber Essentials certification and involves a more rigorous assessment. It includes independent testing of an organisation's systems to ensure they meet specific security standards, providing a higher level of assurance to stakeholders and customers that their data and systems are adequately protected against cyber attacks.

In this article, we look at what patch management is and what is required as part of the technical control under Cyber Essentials Plus.

What is Patch Management?

Patch management involves identifying and applying software updates or patches to address known vulnerabilities on devices, systems and apps.

Software vendors regularly update their products with new features and fixes for security flaws, so they frequently release updates, known as patches, to close these vulnerabilities. Bad actors commonly exploit known vulnerabilities in unpatched software to gain unauthorised access to an organisation, with the intent of stealing sensitive data or causing disruption. Patch management is therefore a crucial business process for any organisation that requires a secure IT environment.

The objective of the control is to ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Cyber Essentials Plus Requirement for Patch Management

Patch management is a requirement and among the 5 key controls under the Cyber Essentials Plus Programme. The scope of this control covers web, email and application servers, desktop computers, laptop computers, tablets, mobile phones, firewalls, and routers.

Under the control, organisations must keep software up to date, and all software in scope must be:

  • Licensed and supported
  • Removed from devices when no longer supported
  • Patched within 14 days of an update being released, where the patch fixes a vulnerability with a severity that the product vendor describes as ‘critical’ or ‘high risk’
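The three conditions above can be checked mechanically against a software inventory. The following is an added example, not code from the original article or from the Cyber Essentials scheme: a small Python checker that classifies each installed product as PASS, DUE (a critical/high fix is out but still inside the 14-day window) or FAIL (unlicensed, unsupported and awaiting removal, or more than 14 days past a critical/high fix). The `Asset`/`Patch` structures, the sample inventory and the dates are constructed for illustration, and version comparison assumes simple dotted numeric versions; a real inventory would come from an asset-management or endpoint tool.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Cyber Essentials window: a vendor-rated critical/high fix must be applied
# within 14 days of release.
PATCH_WINDOW_DAYS = 14
# Only these vendor-stated severities are subject to the 14-day rule.
IN_SCOPE_SEVERITIES = {"critical", "high"}


@dataclass
class Patch:
    version: str     # version that contains the fix
    severity: str    # vendor-stated severity, e.g. "critical", "high", "medium"
    released: date   # vendor release date of the fix


@dataclass
class Asset:
    host: str
    product: str
    installed_version: str
    licensed: bool
    supported: bool  # vendor still provides security updates for this version line
    available_patches: list = field(default_factory=list)


def _vtuple(version):
    """Assumption: dotted numeric versions such as '4.2.1' compare as int tuples."""
    return tuple(int(p) for p in version.split("."))


def assess_asset(asset, today):
    """Return a list of (status, detail) findings for one installed product."""
    findings = []
    if not asset.licensed:
        findings.append(("FAIL", f"{asset.product} on {asset.host} is unlicensed"))
    if not asset.supported:
        # Unsupported software must be removed; no point checking its patches.
        findings.append(("FAIL", f"{asset.product} on {asset.host} is unsupported "
                                 "and must be removed"))
        return findings
    for patch in asset.available_patches:
        if patch.severity.lower() not in IN_SCOPE_SEVERITIES:
            continue  # lower severities are outside the 14-day rule
        if _vtuple(asset.installed_version) >= _vtuple(patch.version):
            continue  # fix already applied
        age = (today - patch.released).days
        deadline = patch.released + timedelta(days=PATCH_WINDOW_DAYS)
        where = f"{asset.product} {asset.installed_version} on {asset.host}"
        if age > PATCH_WINDOW_DAYS:
            findings.append(("FAIL", f"{where}: {patch.severity} fix {patch.version} "
                                     f"released {patch.released} is {age - PATCH_WINDOW_DAYS} "
                                     f"day(s) past the {PATCH_WINDOW_DAYS}-day window"))
        else:
            findings.append(("DUE", f"{where}: {patch.severity} fix {patch.version} "
                                    f"must be applied by {deadline}"))
    if not findings:
        findings.append(("PASS", f"{asset.product} {asset.installed_version} "
                                 f"on {asset.host} is current"))
    return findings


def assess_inventory(assets, today):
    """Flatten findings for every asset into one list of (status, detail)."""
    results = []
    for asset in assets:
        results.extend(assess_asset(asset, today))
    return results


# Constructed sample inventory and assessment date (not real data).
TODAY = date(2023, 2, 5)
OFFICE_FIX = Patch("4.2.2", "critical", date(2023, 1, 15))   # 21 days old on TODAY
SAMPLE_ASSETS = [
    Asset("ws01", "ExampleOffice", "4.2.1", True, True, [OFFICE_FIX]),
    Asset("ws02", "ExampleOffice", "4.2.2", True, True, [OFFICE_FIX]),
    Asset("ws03", "LegacyViewer", "9.0", True, False, []),
    Asset("srv01", "ExampleWebServer", "2.4.0", True, True, [
        Patch("2.4.1", "high", date(2023, 1, 28)),     # 8 days old: still in window
        Patch("2.4.2", "medium", date(2023, 2, 1)),    # out of scope for the rule
    ]),
]

if __name__ == "__main__":
    for status, detail in assess_inventory(SAMPLE_ASSETS, TODAY):
        print(f"[{status}] {detail}")
```

Running the block prints one line per finding; for the constructed inventory that is a FAIL for ws01 (7 days over the window), a PASS for ws02, a FAIL for ws03 (unsupported, remove) and a DUE for srv01 (deadline 2023-02-11). Feeding the same function a real inventory on a schedule gives a defensible record that the 14-day rule is being tracked.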
