What we evaluate
The five core controls
Aligned to NCSC v3.3 (April 2026), including the mandatory MFA requirement on all in-scope user accounts.
- Firewalls and internet gateways
- Secure configuration
- Security update management
- User access control
- Malware protection