Cyber Essentials Plus

Obtain Cyber Essentials Plus certification with verified technical controls protecting against common cyber attacks as required by UK government contracts.

How Kiteworks Supports Cyber Essentials Plus Compliance

Cyber Essentials Plus is the UK government-backed cybersecurity certification scheme that provides organizations with verified protection against the most common cyber threats. Unlike the basic Cyber Essentials self-assessment, Cyber Essentials Plus requires independent technical verification of security controls through hands-on testing by certified assessors. Kiteworks helps organizations meet and exceed these requirements with enterprise-grade security controls built into its platform.

Understanding Cyber Essentials Plus

Developed by the UK National Cyber Security Centre (NCSC), Cyber Essentials Plus builds upon the foundational Cyber Essentials scheme by adding independent verification of five critical security controls. Organizations seeking UK government contracts involving sensitive or personal data must hold Cyber Essentials certification, and many choose the Plus level to demonstrate enhanced security commitment.

The certification process involves a qualified assessor conducting technical tests on representative systems to verify that the five controls are properly implemented and functioning as intended. This hands-on verification provides significantly greater assurance than the self-assessment approach of basic Cyber Essentials.

The Five Critical Controls

Kiteworks addresses each of the five Cyber Essentials controls through its comprehensive security architecture:

Firewalls and Internet Gateways

Kiteworks implements robust boundary security controls that align with Cyber Essentials firewall requirements:

  • Network boundary protection through hardened appliance configurations that restrict inbound and outbound traffic to authorized communication channels

  • Default-deny policies ensuring that only explicitly permitted traffic is allowed through network boundaries

  • Administrative interface protection with restricted access to management consoles and configuration interfaces from untrusted networks

  • Host-based firewalls providing defense-in-depth at the application level, complementing network perimeter controls

Secure Configuration

Kiteworks ensures secure configuration across all system components:

  • Hardened default settings with unnecessary services disabled, default passwords changed, and minimal software installation reducing the attack surface

  • Configuration baseline management ensuring all deployments maintain consistent security settings aligned with industry best practices

  • Automated configuration auditing that detects and alerts on deviations from approved security baselines

  • Removal of unnecessary accounts and services that could provide attackers with additional entry points

Access Control and User Authentication

Robust access controls are fundamental to Cyber Essentials Plus certification. Kiteworks delivers:

  • Multi-factor authentication for all user accounts, preventing unauthorized access even when credentials are compromised

  • Role-based access control implementing the principle of least privilege to limit user permissions to those required for their specific duties

  • Strong password policies enforcing complexity requirements, rotation schedules, and lockout mechanisms against brute-force attacks

  • Privileged account management with separate administrative accounts, session monitoring, and enhanced authentication for elevated access

Malware Protection

Kiteworks provides comprehensive protection against malicious software:

  • Anti-malware scanning of all files uploaded, downloaded, and shared through the platform, preventing the spread of malicious content

  • Sandboxing capabilities that isolate suspicious files for analysis before allowing them into the production environment

  • Application whitelisting that restricts execution to approved software, preventing unauthorized applications from running

  • Real-time threat intelligence integration ensuring protection against the latest known malware variants and attack techniques

Patch Management

Keeping software current is essential for protection against known vulnerabilities. Kiteworks supports patch management through:

  • Regular platform updates delivered on a consistent schedule to address security vulnerabilities and implement new protections

  • Vulnerability tracking with timely patches for critical security issues identified in the platform or its underlying components

  • Update verification ensuring that patches are properly applied and functional without introducing new security risks

  • End-of-life management with clear support timelines and migration paths to prevent reliance on unsupported software versions

Technical Verification Support

Kiteworks simplifies the Cyber Essentials Plus assessment process by providing assessors with clear documentation of security controls, access to audit logs demonstrating control effectiveness, and technical evidence supporting each of the five control areas. The platform's transparent security architecture enables efficient verification during the hands-on testing phase.

UK Government Contract Requirements

For organizations seeking UK government contracts, Kiteworks provides the certified security infrastructure needed to handle sensitive government data. The platform's alignment with Cyber Essentials Plus requirements ensures that communications, file sharing, and data exchanges meet the security standards expected by UK government departments and agencies.