Cyber Essentials Plus: Achieving and Maintaining Regulation Adherence with Compliance for Confluence
For organisations looking to achieve and maintain Cyber Essentials Plus certification in Confluence, our app Compliance for Confluence can assist you in various ways.
Compliance for Confluence can support your efforts toward achieving Cyber Essentials Plus certification by helping you enforce and demonstrate security controls specifically within the Confluence environment. While Cyber Essentials Plus focuses largely on endpoint, network, and system-level protections, Compliance for Confluence helps close gaps in access control, documentation integrity, and auditability, particularly where Confluence is used to manage or store sensitive information.
User Access Control
Requirement: Only necessary users should have access to systems and data. Administrator privileges must be tightly controlled.
How Compliance for Confluence helps:
Exports and audits user access to Confluence spaces and pages
Helps identify excessive permissions or unauthorized access
Tracks changes to space permissions, supporting regular access reviews
Enforces least-privilege principles for documentation and configuration data
Security Configuration
Requirement: Systems should be securely configured and regularly reviewed to reduce vulnerabilities.
How Compliance for Confluence helps:
Helps enforce secure configuration of Confluence spaces by limiting administrative access
Allows teams to monitor configuration changes (e.g., permission settings)
Provides evidence that configurations are reviewed and controlled
Patch Management (Indirect support)
Requirement: Devices and software must be kept up to date.
How Compliance for Confluence helps (indirectly):
Allows you to document patching and update policies in Confluence
Secures access to those documents so they are tamper-proof and sufficiently version-controlled
Provides logs showing who accessed or edited update-related documentation
Malware Protection (Indirect support)
Requirement: Malware protection must be active and effective on all devices.
How Compliance for Confluence helps (indirectly):
Helps restrict access to Confluence pages that may include uploaded files or sensitive data
Allows documentation of malware protection procedures and responsibilities
Assists in controlling exposure through auditing of who can upload or manage attachments
Firewall and Internet Gateways (Indirect support)
Requirement: Firewalls must be configured to protect devices and networks.
How Compliance for Confluence helps (indirectly):
Supports documentation and secure management of firewall rules and policies in Confluence
Tracks edits and permission access to these documents for audit and change control
Helps verify that only authorized personnel can view or modify network configuration records
Summary of what Compliance for Confluence helps with:
Enforces access control and visibility for sensitive documentation
Tracks who made changes to protocol, when, and what was changed
Helps with internal reviews and evidence preparation for audits
Secures compliance documentation and operational procedures
What Compliance for Confluence does not do (you will still need to cover these separately):
Scan or protect devices, manage firewalls, detect malware, or enforce system-level patches
Manage physical or network security
Replace endpoint protection or system hardening tools
Best Use Case:
If your organization uses Confluence to document internal processes, security policies, user responsibilities, and technical controls (such as patching or admin access reviews), then Compliance for Confluence helps you demonstrate that these documents are:
Properly secured
Auditable
Maintained under change control
Only accessible to appropriate personnel
Cyber Essentials Plus Confluence Compliance Checklist
1. User Access Control
Use Compliance for Confluence to export and audit user access to Confluence spaces.
Regularly review space and page permissions for excessive or outdated access.
Restrict administrative access to essential personnel only.
Apply least-privilege principles across all Confluence content.
Log and retain access reviews as audit evidence.
2. Security Configuration
Limit who can configure Confluence spaces and permission settings.
Use Compliance for Confluence to monitor and log configuration changes.
Review permissions and configuration logs periodically.
Document secure configuration policies in a dedicated Confluence space.
3. Patch Management (Indirect Support)
Document patch management policies and responsibilities in Confluence.
Restrict access to patching documentation to authorized staff.
Use Compliance for Confluence to track edits to patch records and documentation.
Link patch documentation to related system or process pages for visibility.
4. Malware Protection (Indirect Support)
Document anti-malware measures and responsibilities in Confluence.
Use Compliance for Confluence to audit who can upload or modify attachments.
Secure pages that reference malware detection, quarantine, or recovery steps.
Ensure logs are retained showing changes to malware-related procedures.
5. Firewall and Internet Gateways (Indirect Support)
Use Confluence to store and version-control firewall and gateway configuration records.
Restrict access to network documentation using Compliance for Confluence.
Track and review edits to firewall documentation for change control purposes.
Assign owners for each configuration document and review annually.
6. General Security Documentation and Evidence
Maintain a 'Cyber Essentials' space in Confluence for all control documentation.
Use Compliance for Confluence to export permission reports for audit evidence.
Track who edits key documents and when using version history.
Store internal review logs and role-based access reports securely.