Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Henry Coggill
on 3 November 2023


Cyber Essentials is an increasingly important security standard within the UK that allows organisations to demonstrate to their customers that they operate their business in a secure and trustworthy manner. Achieving the Cyber Essentials certification helps businesses win new customers and  stand out amongst their peers. It is a requirement for any company that seeks to sell their services to the UK Government. Cyber Essentials Plus brings an extra level of assurance, where an accredited auditor verifies the security controls and issues a certificate demonstrating compliance.

Cyber Essentials is based around five areas of technical controls: 

  1. firewalls 
  2. secure configuration
  3. security update management 
  4. user access control 
  5. malware protection 

The scheme also requires a scope of applicability to be defined: how much of an organisation’s IT systems should be covered.

To help organisations meet security requirements such as Cyber Essentials (CE), we have created Ubuntu Pro, a subscription service that brings security and compliance to regular Ubuntu. In this post we will cover how Ubuntu Pro can be used to meet CE requirements.

Defining the scope and tracking assets

The first step in the CE process is to define the scope, and work out how much of your IT infrastructure should be covered, taking into account servers, laptops and mobile devices, as well as cloud services and web apps. Once the scope has been agreed, it’s recommended to manage these assets, something that CE considers to be a core security function.

Landscape is the enterprise systems management tool for Ubuntu. It gives admin and security teams the superpower to manage all Ubuntu machines remotely, verify package versions at scale and report in real-time on the CVE status for each machine. Landscape can also act as the single source of truth for software by managing repos instead of pointing Ubuntu machines to the public-facing repos. Landscape is available both on-premise and as a cloud service as part of an Ubuntu Pro subscription.

Security update management

Security updates are a fact of life these days, and here Ubuntu Pro has all bases covered, giving 10 years of security patching to all the software within the Ubuntu ecosystem, ensuring full lifetime security coverage for Critical, High and selected Medium vulnerabilities across the widest range of applications and infrastructure. Using Landscape, Ubuntu security fixes can be applied automatically, enabling a hassle-free security maintenance process with full control and automation.

Cyber Essentials requires that organisations fix High and Critical vulnerabilities, which have a CVSS v3 score of 7 or above, and this is fully covered by Ubuntu Pro’s Extended Security Maintenance guarantees. Administrators can use Landscape to roll out the updates across their Ubuntu estate and demonstrate that they have met the CE requirements.

Regular Ubuntu provides security fixes to the core operating system (around 2,500 packages) for five years. But the whole ecosystem of software available with Ubuntu is far wider – over 25,000 packages, covering applications, databases and runtimes. Ubuntu Pro provides patching coverage for all of this software, which matches up directly with the CE requirements; regular Ubuntu only offers best-effort patching for the most critical software packages. Learn more about Ubuntu Pro in this FAQ.

Secure configuration requirements

This requirement is all about removing insecure or weak default configurations and locking systems down, which admittedly sounds rather dry and uninteresting. Here, Ubuntu Pro can help by providing the Ubuntu Security Guide, which is a tool that automatically applies a known secure configuration to an Ubuntu system in order to simplify the hardening process. The most widely adopted security hardening standards are published by the Center for Internet Security (CIS), and the Ubuntu Security Guide includes CIS profiles for servers and desktops, enabling you to securely configure Ubuntu systems with one command, or apply the configuration remotely using Landscape.

User access control requirements

Keeping track of user accounts is one of the trickiest parts of the administrative burden to keep on top of. Given that organisations using Linux almost always have an Active Directory server managing user access to emails and other company resources, it makes sense to re-use this existing infrastructure where possible. Ubuntu Pro includes ADsys, a fully featured Active Directory client that connects Linux systems into existing Windows domains, simplifying user access control and unifying policies and procedures.

Malware protection requirements

This requirement is aimed at restricting the execution of malware and untrusted software. Canonical provides Ubuntu users and developers with one trusted source of software, from infrastructure to applications, and Docker containers to Virtual Machines, which minimises the risk of malware infection by installing software from untrusted sources.

Conclusion

Ubuntu Pro is Canonical’s enterprise subscription service for security and compliance, and it includes a powerful set of features that help to meet all the requirements of Cyber Essentials – from 10 years of security maintenance to patching automation, asset management and secure configuration. Ubuntu Pro ensures you have trusted provenance for all software packages within the ecosystem. Access control and identity management features are also available through the ADsys integration.

We are the trusted partner on open source security for thousands of security teams, and with Ubuntu Pro we have a turn-key subscription service to help you achieve CE compliance. More and more companies looking to bolster their security capabilities turn to Canonical for support.
Are you considering the Cyber Essentials requirements, or perhaps you’ve started your journey to achieving it already? Talk to us so we can help you with Ubuntu Pro.

Related posts


Diogo Sousa
21 August 2024

How Ubuntu keeps you secure with KEV prioritisation

Security Article

The Known Exploited Vulnerabilities Catalog (KEV) is a database published by the US Cybersecurity and Infrastructure Security Agency (CISA) that serves as a reference to help organisations better manage vulnerabilities and keep pace with threat activity.By having a commitment to prioritise vulnerabilities contained in the KEV, Ubuntu is p ...


Massimiliano Gori
27 November 2024

Entra ID authentication on Ubuntu at scale with Landscape

Ubuntu Article

Authd allows Entra ID authentication on both Ubuntu Desktop and Server. Learn how to configure Authd at scale using Landscape and Cloud-init ...


eslerm
19 November 2024

Needrestart local privilege escalation vulnerability fixes available

Ubuntu Article

Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other Linux distributions. Canonical’s securit ...