Why this term matters for the five controls
Technical-control terms map directly to the five Cyber Essentials controls: firewalls, secure configuration, user access control, malware protection, and security update management. These terms turn the self-assessment from a short answer into something the organisation can evidence.
For a passing submission, the organisation should be able to show the relevant configuration, the owner of the control, how exceptions are handled, and how the control is reviewed over time.
How Fig uses this term
Fig Group uses CVSS as part of a practical Cyber Essentials and compliance vocabulary. The purpose is to make assessment decisions easier to verify: what the term means, where it appears in evidence, which control it supports, and which buyer or assessor question it helps answer.
If this term affects your Cyber Essentials submission, treat it as an evidence question rather than a definition question. Document the relevant owner, system, configuration, policy, or workflow so an assessor can see how the control works in your environment.
Official sources and related guidance
For scheme interpretation, verify against official NCSC and IASME material. Fig's glossary is designed to translate those concepts into implementation language for UK organisations, MSPs, and procurement teams.