CyberEssentials Plus

UK baseline security standard requiring verified technical controls.

CyberEssentials Plus is the UK technical baseline that verifies basic cyber controls are in place. It sits above self-assessment and focuses on the technical configuration of endpoints, services and network boundaries.

It creates practical work: defining scope, locating assets, patching and secure configuration, and assembling evidence for verification. Armstrong can assist with selecting and configuring products and preparing controls, but does not perform the formal assessment.

Access and security controls for CyberEssentials Plus

Assesses whether access restrictions, privileged account controls, authentication and authorisation meet CyberEssentials Plus standards.

AD360

Provides MFA, SSO, provisioning and access controls to enforce directory authentication and authorisation.

View Product

WALLIX PAM

Centralises privileged credential storage and session control to restrict and monitor administrative access.

View Product

PAM360

Discovers and manages privileged accounts, automates rotation and records sessions for controlled access.

View Product

Specops Password Policy

Enforces password complexity and banned-password checks to prevent weak or compromised Active Directory passwords.

View Product

Audit evidence for CyberEssentials Plus

Collection of records, logs and reports that show CyberEssentials Plus controls are in place and that support audit enquiries.

NetWrix Auditor

Collects tamper-evident audit records and reports to demonstrate security controls and changes.

View Product

ADAudit Plus

Records AD and Windows events, producing searchable audit trails and reports for compliance review.

View Product

Patch Manager Plus

Automates patch deployment and produces patch-status reports to evidence timely vulnerability remediation.

View Product

MOVEit Transfer

Maintains detailed transfer logs and activity reports to provide audit evidence of file exchange and handling.

View Product

M365 Manager Plus

Collects Microsoft 365 activity and configuration data and produces reports to support compliance audits.

View Product

Identity360

Aggregates identity activity and access events across systems to aid investigation and compliance reporting.

View Product

CyberEssentials Plus — data protection and handling

Specifies classification, protection, transfer and retention requirements for organisational data under CyberEssentials Plus.

MOVEit Transfer

Encrypts and controls file transfers with access controls and logs to secure and govern sensitive data.

View Product

Netwrix Endpoint Protector

Enforces and logs removable device and transfer policies to prevent unauthorised data exfiltration from endpoints.

View Product

RecoveryManager Plus

Performs scheduled backups and enables granular recovery to protect data and demonstrate restore capability.

View Product

Netwrix Data Classification

Discovers and labels sensitive data across repositories to support controlled handling and compliance reporting.

View Product

Where CyberEssentials Plus fits

The standard links to identity, endpoint protection, patch management, network devices and cloud services. Its checks are practical and focus on authentication, configuration hygiene and basic boundary defences.

You should consider CyberEssentials Plus when setting asset inventory, change processes and supplier requirements. Armstrong often helps align product settings and control processes to meet the required checks without operating customer environments.

Discuss your CyberEssentials Plus implementation

Speak to a specialist