New Framework Released: Cyber Essentials UK 3.2

Cyber Essentials UK is applicable to businesses, non-profits, and public sector organizations operating in or engaging with the UK that want to establish a foundational level of cybersecurity protection. It is particularly relevant for companies that handle sensitive customer data, work with government contracts, or operate in industries where demonstrating cybersecurity best practices is a requirement. 

By updating Cyber Essentials from version 3.1 Montpellier to 3.2 Willow in the Drata platform, Drata ensures customers stay aligned with the latest UK security requirements, benefiting from improved threat response expectations, revised cloud service provider guidance, and enhanced compliance automation that reflects current best practices.

By releasing another fully mapped framework, we’re continuing to work towards:

• Elevate Baseline Security: Reflects the latest threat-informed updates in Cyber Essentials 3.2 Willow, helping organizations proactively safeguard against evolving cyber risks.

• Simplify Compliance Readiness: Pre-mapped updates eliminate manual interpretation, enabling faster and more confident alignment with the revised UK government-backed standard.

• Adapt to Cloud-First Environments: Enhances clarity around cloud service responsibilities, allowing customers to better document and automate shared control evidence.

• Centralize UK Framework Oversight: Empowers customers to manage Cyber Essentials 3.2 Willow within the same unified view as other global frameworks like ISO 27001 and NIST CSF.