Cyber Essentials Plus Internal Retest

The prerequisites for testing

This package includes on-site testing at one location, of one type of user account, on up to ten device builds.

The duration and number of locations that must be included in the internal testing depend on the number of builds of user devices (including BYOD) that are within the scope of the certification.

The number of locations to be tested depends on whether all the different builds can be tested in one location. It is permissible to arrange a build to be delivered at a particular site for testing purposes, even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and the suite of software installed. Examples of relevant software are listed below.

If more than one browser is used then each variant will be in scope for testing.

Test requirements

• All user device builds to be tested, including mobile and BYOD, must be available for testing.
• Local user accounts with username and password must be available for each user group in scope.
• Internet access from the devices being tested must be able to receive emails from our test domain and be accessible by our test web server (https://ces.itgovernance.co.uk/).
• Details of a user email account per user group being assessed must be provided.
• Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
• Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Click here for repeat testing and assessment fees.

Conditions

Client site visits outside mainland UK (England, Scotland and Wales), where required, are subject to travel expenses. Expenses will be assessed and charged in arrears.

Read our Cyber Essentials FAQs here.