What is Cyber Essentials Plus (v3.2 – Technical Testing Prep)?
Cyber Essentials Plus (CE+) is a UK government-backed cybersecurity certification scheme developed by the National Cyber Security Centre (NCSC) and overseen by IASME Consortium, the official certification body. It is part of the Cyber Essentials framework, which helps organizations of all sizes protect themselves against common cyber threats.
While the basic Cyber Essentials certification is a self-assessment, Cyber Essentials Plus includes a hands-on technical verification conducted by an independent assessor. Version 3.2, released in April 2025, reflects the latest threat landscape and includes updates such as scope verification, improved sampling methodology, and stronger multi-factor authentication (MFA) testing.
CE+ is relevant to:
- Organizations in the UK public sector, or those working with UK government contracts
- Private sector businesses handling sensitive data or operating in regulated industries such as finance, healthcare, legal, and education
- IT teams, cybersecurity officers, compliance managers, and risk professionals
Many UK government tenders require Cyber Essentials Plus certification, and it aligns with broader obligations under GDPR, NIS2, and NHS’s DSP Toolkit.
The Cyber Essentials Plus (v3.2 – Technical Testing Prep) assessment on the Centraleyes platform helps organizations systematically prepare for their official CE+ audit. It ensures all necessary steps have been addressed so teams can enter the Certification Body assessment fully prepared and confident, centralizing evidence collection and results ready for the auditor.
What are the requirements for Cyber Essentials Plus (v3.2 – Technical Testing Prep)?
To be eligible for Cyber Essentials Plus, organizations must first complete and pass the Cyber Essentials basic certification. CE+ builds upon that by requiring:
- A clear definition and validation of the assessment scope
- Technical testing on a representative sample of devices
- Authenticated vulnerability scanning
- Malware protection checks through email and browser-based delivery
- Evaluation of multi-factor authentication for cloud services
- Validation of user account separation and privilege control
The testing is conducted by a Certification Body (CB) approved by IASME. Organizations must prepare for the technical audit by ensuring they meet all five CE+ control areas:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
Version 3.2 of the test specification includes enhanced guidance on:
- Verifying the scope and technical segregation
- The use of approved vulnerability scanning tools
- Updated MFA testing methods
- Clarification on virtual patching and unsupported systems
Why should you be Cyber Essentials Plus (v3.2 – Technical Testing Prep) compliant?
Becoming Cyber Essentials Plus certified demonstrates a robust level of cyber hygiene. Key benefits include:
- Eligibility for UK government contracts and meeting contractual compliance obligations
- Reduced cyber insurance premiums and improved insurability
- Stronger protection against common threats like malware, phishing, and ransomware
- Assurance to customers and partners that your organization is taking cybersecurity seriously
- Streamlined alignment with broader regulatory requirements (e.g. GDPR, NIS2)
Failing to comply may expose your organization to:
- Security breaches, data loss, or ransomware attacks
- Loss of trust from clients and partners
- Disqualification from public sector opportunities
- Legal and financial consequences related to data protection failures
How to achieve compliance using our platform
The Centraleyes platform provides an end-to-end solution to help you prepare for Cyber Essentials Plus v3.2 technical testing with speed and precision. With Centraleyes, you can:
- Pre-assess your readiness using our built-in Cyber Essentials Plus (v3.2) questionnaire
- Automate control validation for patching, MFA, malware protection, and more
- Track progress across all pre-audit requirements in one centralized view
- Receive real-time gap analysis and remediation plans
- Generate reports for auditors and evidence documentation
With Centraleyes, organizations can accelerate their journey to Cyber Essentials Plus compliance – reducing manual effort, avoiding gaps on assessment day, and demonstrating operational security maturity.
Read more: https://www.ncsc.gov.uk/files/cyber-essentials-plus-test-specification-v3-2.pdf
