Cyber Essentials: why first attempts fail (and a four-minute pre-check)
The five control areas where evidence beats assumptions.
Cyber Essentials: why first attempts fail
Cyber Essentials is a gate for much UK public-sector supply. First-time applicants often fail on basics: default credentials still on a device, shared admins, patches outside the 14-day window for criticals.
The scheme is accessible. The gap is between what teams believe is true and what evidence shows.
Firewalls
Over-permissive inbound rules, or home-worker routers still on factory passwords.
Secure configuration
Default accounts on switches, printers, NAS, access points.
Access control
Shared admin, local admin for everyone, stale accounts.
Malware protection
Expired agents, unmanaged devices, definitions out of date.
Patching
Fourteen days for high or critical updates. Unsupported apps on scoped devices fail the line.
Sentinel CE-Ready
A free ten-question self-assessment and PDF gap summary before you pay certification fees.
If you are Not Ready, fix gaps before you submit. For a guided evidence pack and control closure, see Cyber Essentials readiness services on westgatesentinel.co.uk.
Richard Stainforth, Westgate Sentinel Consulting Ltd. CISM.