CE Willow

Cyber Essentials Willow

93 questions across 8 sections.

93
Total questions
8
Sections
7
New vs Montpellier
3
Removed vs Montpellier
Montpellier Willow Danzell current Compare all versions
What changed from Montpellier: 7 new questions added, 3 removed. Use the CE Explorer to see exactly what changed and where.
A1
Your Company
Organisational identity and context. Determines how the question set is tailored and what appears on the certificate.
16 questions
A2
Scope of Assessment
Defines what is covered by the certification. Determines which devices, networks, and cloud services are in scope.
12 questions
A3
Insurance
Eligibility and opt-in for automatic cyber insurance. Revenue question removed in this version — only email contact req…
3 questions
A4
Firewalls
Technical protection between network devices and the internet. Significantly restructured from Montpellier — software f…
14 questions
A5
Secure Configuration
Ensuring devices and services are configured securely. Largely consistent with Montpellier; passwordless option added t…
10 questions
A6
Security Update Management
Keeping software up to date. Willow adds CVSSv3 scoring as an explicit threshold trigger, extends scope to 'vulnerabili…
16 questions
A7
User Access Control
Limiting user access to what is necessary. Willow broadens A7.2 to 'unique credentials' (covers passwordless); A7.10 ex…
17 questions
A8
Malware Protection
Protecting devices from malware. Consistent with Montpellier; minor wording updates and CE Requirement references added.
5 questions

How does your organisation measure up against Willow?

Check your real-world posture against these requirements in 3 minutes. Free, no account needed.

Check my readiness → Explore all questions first