.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Validate your cyber hygiene with a hands-on independent technical audit.Cyber Essentials Plus is the higher tier of the UK’s Cyber Essentials scheme. It covers the same five technical controls as Cyber Essentials but adds an independent, hands-on technical assessment — including vulnerability scans and tests — performed by a certified assessor.
Cyber Essentials Plus provides stronger assurance than the base certification because controls are independently tested rather than self-declared.
Who needs Cyber Essentials Plus?
Higher-assurance suppliers
Organizations needing to prove controls are not just declared but verified.
Government contractors
Contracts handling more sensitive information may require the Plus tier.
Key components
All five base controls
Firewalls, secure configuration, access control, malware protection, and patching.
Internal vulnerability scan
Authenticated scans of a sample of devices.
External vulnerability scan
Testing of internet-facing systems for vulnerabilities.
Assessor verification
Hands-on testing by an independent certified assessor.
How DSALTA helps with Cyber Essentials Plus
Activate Cyber Essentials Plus
Select Cyber Essentials Plus from the Frameworks page. DSALTA maps the five control areas.
Collect evidence automatically
Connect integrations to verify patching, malware protection, and configuration.
Frequently asked questions
Do I need base Cyber Essentials first?
Do I need base Cyber Essentials first?
You must hold or achieve Cyber Essentials certification as part of obtaining the Plus tier.
What does the assessor test?
What does the assessor test?
The assessor performs internal and external vulnerability scans and verifies the five controls on a sample of devices.