🤖 Join 6clicks at SydneySEC — Access Andrew’s keynote and meet the team
MarketplaceCybersecurityCyber Essentials v3.3
CybersecurityStandard

Cyber Essentials v3.3

Cyber Essentials: Requirements for IT Infrastructure

Cyber Essentials v3.3 is a UK government-backed cybersecurity scheme defining baseline security measures for businesses. The update, effective from 26th April 2026, refines requirements to close ambiguities and enforce stricter compliance on cloud services, MFA, and endpoint protection.

Book your strategy callView source ↗

Overview

Cyber Essentials v3.3 is an updated version of the UK government-backed scheme aimed at improving organizational cybersecurity practices. It retains its five core controls—firewalls, secure configuration, patch management, user access control, and malware protection—while introducing significant refinements. From April 2026, the scheme mandates stricter scoping for cloud services, expanded MFA deployment, and precise documentation of firewall rules. The 14-day patching rule applies to not only software fixes but also configuration changes, strengthening vulnerability management. Organizations are encouraged to proactively prepare to meet these standards by updating their IT scope, enforcing security measures on all devices, and documenting all changes clearly. Cyber Essentials certification demonstrates compliance with recognized security standards and is often deemed critical for public sector contracts.

Related in Cybersecurity

CybersecurityStandard

ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.

International Organization for Standardization (ISO) • v2025

View details
CybersecurityStandard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call