Exceed UK Baseline Certification with Physical Isolation Evidence
Cyber Essentials establishes baseline security requirements for UK organisations. Firevault Control provides physical measures that demonstrably exceed baseline requirements, providing stronger evidence for Cyber Essentials Plus certification and supply chain assurance.
Cyber Essentials
Cyber Essentials certification demonstrates baseline security hygiene. Physical enforcement demonstrates that those baselines are continuously maintained and cannot be accidentally undermined.
5/5
Technical controls with physical enforcement
100%
Boundary firewall requirements exceeded
CE+
Cyber Essentials Plus evidence strengthened
Full
Continuous certification evidence
Baseline certification is necessary but not sufficient.
Baseline vs Reality
Cyber Essentials certifies baseline controls at a point in time. Between assessments, control effectiveness can degrade through configuration drift and human error.
Boundary Device Limitations
Cyber Essentials requires boundary firewalls, but firewalls can be misconfigured, bypassed, or compromised, undermining the boundary they are meant to protect.
Supply Chain Requirements
Government and enterprise contracts increasingly require Cyber Essentials Plus. Stronger evidence differentiates organisations competing for these contracts.
The Scenario
Scenario: Supply Chain Tender with Physical Evidence
A government department evaluates three suppliers for a sensitive contract. All three hold Cyber Essentials Plus certification. However, the department's security assessment reveals that two suppliers rely entirely on software-based boundary controls that have experienced configuration incidents in the past year. The third supplier presents physical boundary enforcement evidence from Firevault Control, showing continuous, unbroken boundary protection with tamper-proof logs. The department selects the supplier with physical enforcement, noting that physical boundaries provide a higher assurance level for the sensitivity of the contract.
"All our competitors had Cyber Essentials Plus. What differentiated us was the ability to show physical boundary enforcement with continuous evidence. For the government buyer, physical controls meant genuine assurance, not just a certificate."
Where Cyber Essentials controls meet Control modules.
Cyber Essentials and Cyber Essentials Plus prescribe five technical control themes. Firevault Control hardens those themes with physical enforcement where logical configuration alone would not hold.
Reference: NCSC Cyber Essentials Requirements for IT Infrastructure v3.2 (April 2025).
Firewalls and boundary protection
-
CE 1
Boundary firewalls
The boundary is physical, not a configurable rule. Severed by default.
FirebreakIsolate
Secure configuration
-
CE 2
Secure configuration
Configurations and golden images sit in tamper-evident offline storage.
ArchiveValidate
User access control
-
CE 3
User access control
Reach is named, scoped and time-bound, with revocation at the boundary.
LockUnlinkRelay
Malware protection
-
CE 4
Malware protection
Removable media and inbound paths are governed Transfer events with validation.
TransferValidate
Security update management
-
CE 5
Security update management
Updates apply through named, time-bound Relay sessions with multi-party approval.
RelayExecute
Modules & symbols
Featured In
'%3e%3cpath%20fill='%23E40784'%20d='M141.363%2026.6a5.905%205.905%200%200%201-5.899-5.9%205.905%205.905%200%200%201%205.899-5.895%205.901%205.901%200%200%201%205.895%205.895%205.9%205.9%200%200%201-5.895%205.9Zm0-8.347a2.448%202.448%200%200%200%200%204.895%202.449%202.449%200%200%200%202.447-2.448%202.449%202.449%200%200%200-2.447-2.447ZM141.363%200c-.821%200-1.638.052-2.447.144v3.731a16.897%2016.897%200%200%201%202.447-.177c9.373%200%2017.002%207.626%2017.002%2017.002%200%20.825-.063%201.642-.177%202.448h3.732c.095-.81.143-1.627.143-2.448%200-11.411-9.285-20.7-20.7-20.7Z'/%3e%3cpath%20fill='%23E40784'%20d='M141.363%207.268c-.825%200-1.645.077-2.447.228v3.787a9.733%209.733%200%200%201%202.447-.313c5.369%200%209.734%204.368%209.734%209.734%200%20.832-.107%201.652-.313%202.447h3.783c.151-.802.228-1.623.228-2.447.004-7.412-6.024-13.436-13.432-13.436Z'/%3e%3cpath%20fill='%23fff'%20d='M71.382%207.537h-2.84a5.82%205.82%200%200%200-5.815%205.818v9.785h4.037v-9.789a1.78%201.78%200%200%201%201.777-1.777h2.841V7.537ZM80.539%2019.1a3.787%203.787%200%200%201-3.783-3.784%203.787%203.787%200%200%201%203.783-3.783%203.787%203.787%200%200%201%203.783%203.784%203.787%203.787%200%200%201-3.783%203.783Zm0-11.6c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82%201.372%200%202.66-.357%203.78-.982v.982h4.036V15.32c.004-4.313-3.503-7.82-7.816-7.82ZM41.806%2018.71a5.512%205.512%200%200%201-4.34%202.1%205.55%205.55%200%200%201-5.541-5.541%205.55%205.55%200%200%201%205.542-5.543c1.696%200%203.279.766%204.339%202.102l.088.114%201.656-1.656-.077-.092a7.865%207.865%200%200%200-6.01-2.797c-4.339%200-7.871%203.533-7.871%207.872s3.532%207.871%207.871%207.871a7.865%207.865%200%200%200%206.01-2.797l.077-.091-1.656-1.656-.088.113ZM19.479%207.397c-4.34%200-7.872%203.53-7.872%207.872%200%204.342%203.533%207.871%207.872%207.871a7.883%207.883%200%200%200%207.205-4.71l.081-.18H24.15l-.037.058a5.543%205.543%200%200%201-10.05-1.873h13.2l.015-.11c.048-.357.073-.714.073-1.053%200-4.346-3.529-7.875-7.871-7.875Zm-5.417%206.705a5.54%205.54%200%200%201%205.417-4.376%205.54%205.54%200%200%201%205.417%204.376H14.06ZM46.192%2023.14h2.33v-8.847a4.599%204.599%200%200%201%204.593-4.592%204.599%204.599%200%200%201%204.592%204.592v8.844h2.33v-9.149h-.008a6.887%206.887%200%200%200-2.082-4.648%206.89%206.89%200%200%200-4.832-1.972%206.863%206.863%200%200%200-4.593%201.751V.545h-2.33V23.14ZM2.686%207.393H0v2.33h2.686v8.471a4.944%204.944%200%200%200%204.94%204.939h2.435v-2.33H7.625a2.613%202.613%200%200%201-2.609-2.612V9.726h3.772v-2.33H5.016V1.84h-2.33v5.553ZM101.968%208.457a7.721%207.721%200%200%200-2.547-.858c-.088-.014-.177-.03-.265-.04-.1-.011-.199-.022-.302-.03a9.993%209.993%200%200%200-.574-.029c-.022%200-.04-.004-.062-.004h-.037c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82h.037c.25%200%20.496-.014.743-.04l.037-.003a7.742%207.742%200%200%200%203.003-.939v.979h4.037L106.005.537h-4.037v7.92Zm0%206.863a3.788%203.788%200%200%201-3.769%203.78%203.786%203.786%200%200%201-3.76-3.78c0-2.08%201.688-3.772%203.764-3.78a3.787%203.787%200%200%201%203.765%203.78ZM119.75%2023.11h4.037V15.299c-.011-4.302-3.515-7.798-7.82-7.798-4.313%200-7.821%203.507-7.821%207.82%200%204.313%203.508%207.82%207.821%207.82%201.372%200%202.66-.357%203.783-.982v.953Zm-3.783-4.01a3.786%203.786%200%200%201-3.783-3.784%203.786%203.786%200%200%201%203.783-3.783%203.79%203.79%200%200%201%203.783%203.78v.003a3.787%203.787%200%200%201-3.783%203.784ZM132.273%207.5a5.824%205.824%200%200%200-5.818%205.818v9.822h4.037v-9.822a1.78%201.78%200%200%201%201.777-1.777h2.841V7.5h-2.837ZM173.736%2020.807a5.534%205.534%200%200%201-5.527-5.527%205.534%205.534%200%200%201%205.527-5.528%205.535%205.535%200%200%201%205.528%205.528%205.535%205.535%200%200%201-5.528%205.527Zm0-13.399a7.852%207.852%200%200%200-5.527%202.274V7.393h-2.344V30h2.344v-9.127a7.836%207.836%200%200%200%205.527%202.275c4.339%200%207.872-3.533%207.872-7.872s-3.533-7.868-7.872-7.868ZM186.735%2023.14h-2.385v-9.81a5.84%205.84%200%200%201%205.833-5.834h2.848v2.385h-2.848a3.45%203.45%200%200%200-3.448%203.448v9.811ZM202.813%209.774a5.535%205.535%200%200%200-5.528%205.528%205.535%205.535%200%200%200%205.528%205.527%205.534%205.534%200%200%200%205.527-5.527%205.534%205.534%200%200%200-5.527-5.528Zm0%2013.4c-4.339%200-7.872-3.533-7.872-7.872%200-4.34%203.533-7.872%207.872-7.872s7.872%203.53%207.872%207.872c0%204.339-3.533%207.871-7.872%207.871Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h210.68v30H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Key Capabilities
Physical Boundary Protection
Physical network boundaries exceed Cyber Essentials boundary firewall requirements, providing demonstrable protection that cannot be misconfigured.
Governed Access Control
Multi-party authorisation provides access control evidence that exceeds baseline requirements and demonstrates active governance.
Continuous Evidence
Automated logging generates continuous compliance evidence, strengthening your position for Cyber Essentials Plus assessment and renewals.
Secure Configuration Support
Physical zone separation ensures secure configuration requirements are maintained regardless of individual system configuration states.
Assessment-Ready Logs
Tamper-proof logs provide complete audit trails ready for Cyber Essentials Plus technical verification.
Clean Recovery Capability
Verified control-plane baselines ensure clean system restoration, supporting malware protection requirements with guaranteed uncompromised recovery.
Demo to Live
Adoption Guide
Baseline Assessment
Review your current Cyber Essentials controls and identify where physical enforcement provides the greatest assurance improvement.
Physical Boundary Design
Design physical boundary enforcement for your network perimeter and internal zone boundaries aligned to your Cyber Essentials scope.
Pre-Assessment Deployment
Deploy Control before your next Cyber Essentials Plus assessment to generate continuous evidence and validate physical boundary effectiveness.
Full Boundary Enforcement
Organisation-wide physical boundary enforcement with continuous evidence generation and verified control-plane baseline restoration.
Baseline Assessment
Review your current Cyber Essentials controls and identify where physical enforcement provides the greatest assurance improvement.
Physical Boundary Design
Design physical boundary enforcement for your network perimeter and internal zone boundaries aligned to your Cyber Essentials scope.
Pre-Assessment Deployment
Deploy Control before your next Cyber Essentials Plus assessment to generate continuous evidence and validate physical boundary effectiveness.
Full Boundary Enforcement
Organisation-wide physical boundary enforcement with continuous evidence generation and verified control-plane baseline restoration.
Explore More
ISO 27001 Framework
Information security management and Annex A controls.
Learn more about ISO 27001 FrameworkNIS2 Framework
Operational resilience for essential and important entities.
Learn more about NIS2 FrameworkNIST CSF Framework
Identify, protect, detect, respond, recover alignment.
Learn more about NIST CSF FrameworkQuestions