Quick answer: The Cyber Essentials self-assessment is around 70 questions across 6 sections, completed online via the IASME portal. Most are yes/no with a free-text justification. Allow 4-8 hours of focused time, plus 5 working days for the assessor to review.
The six sections of the self-assessment
- A1. Your business — scope: Who you are, what’s in scope, organisation structure
- A2. Boundary firewalls and internet gateways: ~8 questions on firewalls, default passwords, inbound rules
- A3. Secure configuration: ~12 questions on default credentials, asset register, auto-run, unused services
- A4. User access control: ~14 questions on MFA, admin separation, password policy, joiner/mover/leaver
- A5. Malware protection: ~8 questions on anti-malware deployment, signatures, allowlisting
- A6. Security update management: ~10 questions on patching SLA, EOL software, mechanism
What the format looks like
Most questions are yes/no with a justification box. A handful ask for counts (number of devices, users, cloud services). The portal saves as you go and lets you collaborate with colleagues, and you have 6 months from registration to submit.
What happens after submission
An IASME-licensed assessor reviews the submission within 5 working days. About 60% of submissions receive at least one round of clarifying queries, typically asking for screenshots of MFA enforcement, leaver process evidence, or BYOD compliance. You have up to two rounds of queries before the application is rejected. Reply within 5 working days to keep the application live.
What helps you pass first time
- Build an asset register before you start
- Prepare screenshots of MFA enforcement, patch dashboards and device compliance ahead of submission
- Have a documented joiner / mover / leaver process
- Be honest in the free-text boxes — assessors prefer “we use X but haven’t formally documented it” to a confidently inaccurate yes/no
For a section-by-section walkthrough see our Cyber Essentials questionnaire answers guide.
