NCSC Cyber Essentials v3.3 Danzell · In force 28 Apr 2026

Pass Cyber Essentials in weeks, not months.

Guided self-assessment across the 5 NCSC controls, automatic evidence collection, and the PPN 014/21 pack your assessor expects. Built for UK SMEs.

Start 14-day free trial See pricing →
  • NCSC v3.3 Danzell
  • 44 CE + 22 CE+ Questions
  • PPN 014/21 Evidence Pack
  • ISO 27001 Annex A Map
app.crowagent.ai / cyber
CrowCyber readiness dashboard showing 86% Cyber Essentials readiness across the five NCSC themes
CrowCyber guided self-assessment against the Cyber Essentials technical controls
CrowCyber evidence library mapping each control to its supporting documents
CrowCyber board-ready readiness reports and certification audit trail

Sample Data
Who is this for

Built for SMEs
preparing for CE.

CrowCyber removes the need for expensive manual consultancies and replaces them with a guided, evidence-backed assessment.

IT and cyber leads

Internal owners running the assessment without a dedicated consultancy budget. CrowCyber provides the structure and suggested answers they need to complete the 44 CE and 22 CE+ questions without an external consultant.

Public-sector suppliers

SMEs that must hold Cyber Essentials to bid for central-government work under PPN 014/21. The evidence pack CrowCyber generates is structured to meet the format assessors expect for contracts handling personal or sensitive government data.

Insurance buyers

SMEs whose insurer or large-customer audit now requires Cyber Essentials as a baseline. CrowCyber keeps the certificate current with 12-month evidence-expiry reminders, so renewal does not catch teams off guard.

Compliance officers

Multi-entity groups certifying several legal entities on a shared, up-to-date evidence base. The Portfolio plan supports unlimited users and multiple simultaneous certification tracks, with white-label evidence packs for each entity.

Product walkthrough

From tenant connect
to certification.

A guided path through the five NCSC controls, the evidence library, and the assessor pack.

01

Connect your tenant

Link Microsoft 365 or Google Workspace so CrowCyber can pre-fill the 44 CE and 22 CE+ questions with live configuration data. No manual copy-paste from admin consoles.

02

Run the 5-control assessment

Work through firewalls, secure configuration, user access control, malware protection, and security update management with suggested answers and citations to NCSC guidance. Every question is mapped to the v3.3 Danzell requirement it satisfies.

03

Track and close gaps

Per-theme gap detection shows which of the 5 NCSC controls are at risk before you submit to the assessor. The prioritised remediation list tells your team exactly which items to fix first to unblock certification.

04

Submit and maintain

Export the PPN 014/21 evidence pack and ship it to your assessor. Automatic 12-month staleness reminders and certificate expiry alerts keep your evidence fresh so the annual renewal does not become a full restart.

What it assesses

The five NCSC controls,
end to end.

Cyber Essentials v3.3 (Danzell) is built on five technical control themes. CrowCyber guides you through all 44 CE questions plus the 22 CE+ questions across every one.

Control 1

Firewalls and gateways

Boundary firewalls and internet gateways configured to block unapproved services. CrowCyber checks that inbound rules follow a default-deny posture and that only documented services are permitted.

Control 2

Secure configuration

Devices and software hardened from default builds; unnecessary functionality removed. CrowCyber maps your tenant settings against the NCSC hardening baseline and surfaces every deviation that would fail the assessor's review.

Control 3

Security update management

Supported software, patched within the v3.3 SLA for high and critical vulnerabilities. CrowCyber tracks end-of-life software, missing patches, and the 14-day remediation deadline so you never fail on an avoidable gap.

Control 4

Malware protection

Anti-malware or application allow-listing across in-scope devices. CrowCyber verifies that your chosen protection approach meets the v3.3 Danzell requirements and that definitions are updated within the mandated frequency.

Control 5

User access control

Least-privilege accounts, MFA on cloud admin (mandatory under v3.3 Danzell; SMS-based MFA is no longer accepted). CrowCyber audits privilege levels, shared accounts, and MFA configuration across Microsoft 365 and Google Workspace.

Scope summary

44 CE + 22 CE+ questions

The full Cyber Essentials self-assessment is 44 questions. CE+ adds 22 further technical verification questions requiring evidence from system scans and configuration exports. CrowCyber covers both, with a PPN 014/21 evidence pack and ISO 27001 Annex A mapping output.

44 Cyber Essentials questions · +22 CE+ questions · PPN 014/21 evidence pack · ISO 27001 Annex A mapping

Total readiness.

Readiness scored live across the five NCSC control themes, with a prioritised gap list. Sample data shown.

app.crowagent.ai/cyber
CrowCyber readiness dashboard showing 86% Cyber Essentials readiness across the 5 NCSC themes
Platform features

Everything you need
for Cyber Essentials and CE+.

Six capabilities, one assessment trail. From first connection to the assessor's inbox.

5 NCSC technical controls

All 44 CE questions and the additional 22 CE+ questions across firewalls, secure configuration, user access control, malware protection, and security update management. Every question is cross-referenced to the v3.3 Danzell requirement it satisfies.

Readiness gauge

Per-theme gap detection with prioritised remediation. See your readiness score per control area and the exact list of items blocking certification. The dashboard updates in real time as you complete questions and upload evidence.

Evidence library

Upload screenshots, policy documents, and config exports against each control. Automatic 12-month staleness tracking and certificate expiry reminders keep your pack audit-ready year-on-year, so renewal never becomes a full restart.

Suggested answers and remediation

Server-side Gemini drafts control narratives and remediation steps based on your environment, with citations to NCSC guidance. You review and confirm; you never start from a blank page. Suggested answers are clearly marked as drafts, not auto-submitted responses.

PPN 014/21 ready

Public-sector suppliers must hold Cyber Essentials to bid on contracts handling personal or sensitive government data under PPN 014/21. CrowCyber generates the structured evidence pack public-sector buyers and assessors expect, formatted and ready to attach to your bid.

ISO 27001 Annex A mapping

Controls map cleanly to ISO 27001 Annex A so the work you do for Cyber Essentials becomes the foundation of a wider information-security programme. The mapping is included in the assessment output at no additional cost.

Pricing

From £99/month.

Three plans sized to your team. All include the full 5-control self-assessment, evidence library, and suggested answers. Annual billing saves 10%.

Starter

£99/mo

Up to 5 users, 1 certification track. Full Cyber Essentials self-assessment across all 5 NCSC controls, evidence library, and email support. Ideal for small teams running their first CE assessment.

Get started
Most Popular

Pro

£199/mo

Up to 25 users, multiple certification tracks for both CE and CE+, advanced reporting, and priority support. Most popular for SMEs preparing for public-sector bids under PPN 014/21.

Get started

Portfolio

£399/mo

Unlimited users, white-label evidence packs, API access, and a dedicated account manager. For groups certifying multiple legal entities on a shared evidence base with separate PPN 014/21 packs per entity.

View full pricing
Compare all plans in detail →
Try before you buy

Run the free Readiness Check first.

Twelve questions against Cyber Essentials v3.3 (Danzell), in force 28 April 2026. Catch MFA gaps and 14-day patch SLA breaches before your assessor flags them as auto-fails. Upgrade to CrowCyber for the full 44 + 22 question self-assessment, evidence library, and PPN 014/21 evidence packs.

Run readiness check → All free tools
Related products

The CrowAgent
portfolio.

All products →

Four active enforcement window products, plus the MEES compliance foundation and a free readiness tool.

PUSH

CrowMark

Win the mandatory 10% social-value score on every PPN 002 bid (mandatory for central-government contracts since 24 February 2025). Structured evidence and scoring in one workflow.

Explore →
PUSH

CrowCash

Recover late invoices automatically under SI 2002/1674. Statutory interest at Bank of England base plus 8%, plus £40/£70/£100 fixed compensation costs per invoice.

Explore →
PUSH

CrowESG

GRI, TCFD, CSRD/ESRS, ISSB, and UK SDR from one dataset. Q3 2026 waitlist open; these frameworks are already in force. Avoid duplicating data collection across frameworks.

Explore →
Foundation

CrowAgent Core

MEES Band C 2028 (proposed) intelligence platform for landlords and property managers. MEES penalty exposure and SECR carbon data inputs under SI 2015/962.

Explore →
Free tool

Free Readiness Check

Twelve questions against Cyber Essentials v3.3 (Danzell). Catch MFA gaps and 14-day patch SLA breaches before your assessor flags them as auto-fails. No account required.

Run tool →

CERTIFIED.

Ready to certify before your competitors?
Cyber Essentials v3.3 (Danzell) is in force now. Start the assessment today and get your first readiness score in under 30 minutes.

Start 14-day free trial Book a demo

No credit card required · 14-day free trial · Cancel anytime

Frequently asked questions

What certifications does CrowCyber help with?+

CrowCyber covers Cyber Essentials and Cyber Essentials Plus certification readiness, aligned to the NCSC v3.3 (Danzell) requirements effective 28 April 2026.

How long does the readiness assessment take?+

The initial readiness scan takes approximately 5 minutes. The full action plan with remediation steps is generated within 24 hours of completing your environment questionnaire.

Does CrowCyber handle the MFA requirement?+

Yes. CrowCyber specifically checks MFA configuration against the Danzell v3.3 requirement that SMS-based MFA is no longer accepted for cloud admin accounts.