This involves more than just patches and updates. Under the security update management control, the description that used to be ‘patches and updates’ will be changed to ‘vulnerability fixes’ as an umbrella term for all the different methods. The Cyber Essentials (CE) and Cyber Essentials Plus (CE+) certification schemes aim for enhanced authentication, remote work recognition, and improved vulnerability management. Cyber Essentials is regularly updated to ensure it remains effective; its latest changes will come into force April 28, 2025, and all further applications will be assessed against the updated standards. Update your vulnerability management processes to include a wider range of remediation techniques. The terminology for patching has been changed to “vulnerability fixes.” The fixes now include configuration or registry changes for vulnerabilities with a CVSS score of 7 or higher.
CE+ assessments have also been updated to reflect modern risks and evolving compliance expectations. Vulnerability fixes “include patches, updates, registry fixes, configuration changes, scripts or any other mechanism approved by the vendor to fix a known vulnerability.” Here’s what this update means. By covering every type of remediation, this change helps you achieve compliance and stay secure against new threats. What are the changes to Cyber Essentials and Cyber Essentials Plus in the April 2025 update?