UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell expert. Reference-depth framework plugin with assessment, scope determination, and evidence checklist — backed by the SCF crosswalk. Five core controls: Firewalls, Secure Configuration, User Access Control (MFA mandatory for all cloud services), Malware Protection, and Patch Management.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cyber-essentials-plus:cyber-essentials-plus-expertThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Reference-depth expertise for **UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell** (effective 27 April 2026). This plugin bundles the SCF crosswalk (26 SCF controls → 5 CE+ controls) with framework-specific context.
Reference-depth expertise for UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell (effective 27 April 2026). This plugin bundles the SCF crosswalk (26 SCF controls → 5 CE+ controls) with framework-specific context.
emea-gbr-ce-2021Cyber Essentials Plus is a UK government-backed certification scheme that requires organisations to demonstrate they have implemented five foundational technical security controls: Firewalls, Secure Configuration, User Access Control, Malware Protection, and Patch Management. CE+ is the independently-verified tier — unlike self-assessed Cyber Essentials, an accredited assessor conducts hands-on technical testing of the organisation's systems to verify the controls are in place and effective. The scheme is mandated for UK government supply chain contracts involving personal data or sensitive information, and is widely adopted as a baseline security standard across UK public and private sector organisations.
Any organisation operating in the UK, or supplying to UK government, can pursue CE+ certification. There is no revenue, headcount, or sector threshold — sole traders through FTSE 100 companies all use the same question set. The certification applies to a defined boundary chosen by the applicant; the boundary must include all devices that can access organisational data or services. UK government contracts handling personal data or sensitive information require CE+ as a minimum; some contracts (particularly MOD and intelligence community supply chain) require Cyber Essentials Plus specifically. There is no territorial carve-out for organisations headquartered outside the UK if they operate systems within a UK boundary or bid for UK government contracts.
The NCSC owns the Cyber Essentials scheme and sets the technical requirements. The IASME Consortium manages the certification body network and accredits assessors. Enforcement is indirect — there is no regulatory penalty for not holding CE+ unless a contract or regulatory condition requires it. UK government procurement rules (published by DSIT / Cabinet Office) mandate CE+ for relevant contracts; failure to maintain certification can result in contract termination or disqualification from future tenders. Maximum financial exposure therefore flows from contract loss rather than direct fines.
/cyber-essentials-plus:assess before a GDPR gap assessment to avoid re-covering the same ground./grc-engineer:map-controls-unified to identify overlaps."MFA is only required for admin accounts." Incorrect under Danzell v3.3 (effective 27 April 2026): MFA is mandatory for all user accounts accessing any cloud service within the certification boundary. This includes standard user accounts accessing Microsoft 365, Google Workspace, AWS, and any other SaaS platform in scope.
"We can risk-accept unsupported software and stay in scope." Incorrect: unsupported or end-of-life software (OS or applications) must be removed from the boundary to achieve CE+ certification. A risk acceptance or compensating control is not sufficient — the system must either be updated, replaced, or excluded from the certification boundary.
"CE (self-assessed) and CE+ are the same certification at different levels." They are different certifications. Cyber Essentials is self-assessed; CE+ requires independent technical verification by an accredited assessor who tests live systems. Many organisations discover gaps during CE+ verification that their self-assessment missed. This plugin covers CE+ only.
"Our cloud provider's compliance certifications mean we're covered." Cloud provider certifications (AWS ISO 27001, Azure SOC 2, etc.) cover the provider's infrastructure, not the organisation's configuration of that infrastructure. The organisation is responsible for their tenant configuration — firewall rules, MFA settings, patch levels, and account controls in the cloud tenancy are in scope for CE+.
/cyber-essentials-plus:scope — determine applicability and define certification boundary/cyber-essentials-plus:assess — run a gap assessment against all five controls/cyber-essentials-plus:evidence-checklist — enumerate evidence requirements by controlAll three delegate to /grc-engineer:gap-assessment with SCF framework ID emea-gbr-ce-2021 for the control-by-control mechanics, and wrap the results in CE+-specific terminology.
Full-depth plugins add framework-specific workflow commands tied to the audit ritual. Candidates for CE+:
/cyber-essentials-plus:question-set — walk through the Danzell v3.3 question set interactively and pre-populate answers from connector evidence/cyber-essentials-plus:assessor-prep — generate the assessor pack (asset inventory, network diagram, firewall exports, patch report) ready for the technical verification visit/cyber-essentials-plus:boundary-review — help the organisation define and justify their certification boundary, flag devices that must be included, and identify candidates for explicit exclusion/cyber-essentials-plus:mfa-audit — enumerate all cloud services in scope and verify MFA is enforced on every one, given the mandatory MFA requirement under Danzell v3.3npx claudepluginhub vantainc/claude-grc-engineering --plugin cyber-essentials-plusGuides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Manages knowledge base ingestion, sync, and retrieval across local files, MCP memory, vector stores, and Git repos. Use for saving, organizing, deduplicating, or searching knowledge.
4plugins reuse this skill
First indexed Jul 10, 2026