Cyber Essentials Vulnerability Scanner & Compliance Tool
Meet Cyber Essentials and Cyber Essentials Plus vulnerability scanning requirements with automated compliance mapping and audit-ready reports.
What Cyber Essentials Requires for Vulnerability Management
The UK Cyber Essentials scheme requires organisations to patch known vulnerabilities within 14 days of a fix becoming available, use firewalls and secure configurations, control user access privileges, and protect against malware. Cyber Essentials Plus adds independent vulnerability scanning and penetration testing verification. ScanAnchor automates the scanning and reporting needed for both certification levels.
How ScanAnchor Maps to Cyber Essentials Controls
- Firewalls & Internet Gateways — ScanAnchor scans for open ports, misconfigured firewalls, and exposed services
- Secure Configuration — Detect default credentials, unnecessary services, and configuration weaknesses
- User Access Control — Identify privilege escalation vulnerabilities and access control misconfigurations
- Malware Protection — Scan for known malware vectors and unpatched software exploitable by malware
- Patch Management — Flag unpatched software with CISA KEV and EPSS prioritisation for the 14-day remediation window
Cyber Essentials Plus: Authenticated Scanning Built In
Cyber Essentials Plus requires authenticated vulnerability scanning to verify internal security controls. ScanAnchor supports SSH, WMI, and credential-based scanning with AES-256 encrypted credential storage. Run authenticated scans across your entire estate with flat-rate pricing — no per-IP fees.
Frequently Asked Questions
- Does ScanAnchor support Cyber Essentials Plus?
- Yes. Authenticated scanning with SSH and WMI meets the Cyber Essentials Plus independent scanning requirement.
- What Cyber Essentials controls does ScanAnchor cover?
- All five technical controls: firewalls, secure configuration, user access control, malware protection, and patch management.
- How quickly can I generate a Cyber Essentials compliance report?
- One-click report generation mapping your scan findings to Cyber Essentials controls. Reports are ready within minutes of scan completion.
- Do I still need a certification body?
- Yes. ScanAnchor provides the scanning and evidence, but you still need an accredited certification body to issue the Cyber Essentials certificate.
PCI-DSS compliance · Qualys alternative · Nessus alternative · View pricing