Cyber Essentials Compliance
This example project demonstrates how TraceabilityLite can be used to manage Cyber Essentials compliance activities through clear traceability between requirements, policy documents, and practical configuration guidance.
It includes a set of infrastructure requirements derived from the official Cyber Essentials Requirements for IT Infrastructure v3.2, together with supporting Word and Excel documents used to define, implement, and maintain secure operational controls.
To create a project based on this template: select Projects => Create New Project => tick Based on Template, select "Cyber Essentials Compliance", select a location and project name, then click Create.
The content of each linked policy can then be viewed against each requirement, as shown below.
Requirements
This section contains the core compliance requirements mapped from the official Cyber Essentials infrastructure criteria, providing the baseline control objectives that the remaining project documents support.
Cloud Services Configuration Guide
This guide defines the Microsoft Intune and Azure configuration settings required to support Cyber Essentials compliance, including endpoint management and cloud security controls that can be audited and maintained over time.
Cyber Essentials Requirements for IT Infrastructure v3.2
This source document captures the formal infrastructure requirements used to derive the project requirement set and acts as the authoritative reference for interpretation and compliance intent.
Cyber Security Regular Review Policy
This policy sets out recurring Microsoft 365 and wider security review activities to help ensure vulnerabilities, misconfigurations, and emerging risks are identified and addressed promptly.
Leavers and Joiners Policy
This policy defines the configuration and access-control changes required when staff join or leave, helping ensure identities, permissions, and devices are managed securely throughout the employment lifecycle.
New and Old Device Policy
This policy describes the control steps for onboarding new devices and handling older devices, helping ensure device posture remains compliant and that legacy risks are reduced as equipment ages.
Supported and Unsupported SW
This spreadsheet is used to track supported and unsupported software, with unsupported software expected to be isolated on a separate VLAN with no internet access to minimise exposure and reduce organisational risk.
Firewall Configuration Guide
This document is not included in the example project, but it should be added and tailored to the selected edge firewall vendor (for example, Cisco Firepower) so network boundary controls align with the wider Cyber Essentials control set.