Cyber Essentials is a government-backed scheme which certifies that an organisation has adequate protection measures in place to guard against the most common cyber-attacks.
Cyber Essentials certification is a pre-requisite for some degree scheme accreditation and for much research funding.
Aberystwyth University has held Cyber Essentials accreditation since 2017. This is due for recertification in November 2022.
This year, in line with the increased cyber security threats worldwide, the technical controls required to achieve the Cyber Essentials certification have increased.
Over the next few months Information Services will be making changes to systems and services to ensure they are protected and that the level of protection meets the Cyber Essentials standard.
Cyber Essentials requirements do not apply to students.
The main areas for change will be:
Ensuring that all AU owned devices connecting to the network are up to date and secure
All University owned devices will need to comply with the Device Management Policy. This includes computers, laptops, tablets and mobile phones.
An audit of existing devices will be carried out to identify:
- those that are AU owned and not currently centrally managed
- those that will not comply with the policy due to age and specification
New devices are on order and Information Services will contact departments to arrange the allocation of new devices where appropriate.
Further information on Cyber Essentials and AU owned devices can be found in our FAQs.
Ensuring that all software on AU owned devices is fully supported by the manufacturer
Installation of software on AU owned devices will need to comply with the Software Management Policy.
Software will be made available through the Company Portal (Windows) and Jamf Self Service (Mac).
Further information on Cyber Essentials and software management on AU computers can be found in our FAQs.
Ensuring that all personally owned devices connecting to the network are up to date and secure
All personal devices accessing University resources, for example, Office 365, SharePoint, Teams or other cloud hosted software, applications, services and environments, including connecting to the University network via VPN, will need to comply with the Bring your own Device (BYOD) policy.
Further information on Cyber Essentials and using personal devices for accessing AU resources and connecting to the network can be found in our FAQs.
Ensuring that all systems and servers are up to date and secure
All systems and services will need to be managed in compliance with the Vulnerability Management Policy.
An audit of existing servers and hosted services will be carried out to identify:
- those that require updating
- those that will not comply with the policy due to age and specification
Information Services will contact departments with any action required.
Ensuring that access to services is protected by multi-factor authentication
All solutions must comply with the Software as a Service Policy.
An audit of existing services will be carried out to identify those that require updating.
Information Services will contact service owners to discuss any updates.