Network Security
Vulnerability Management
Privileged Access Management 
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
London, UK, February 9, 2026 – Heimdal today announced an industry-first approach to Cyber Essentials readiness by publishing a Cyber Essentials control mapping for Privilege Elevation and Delegation Management (PEDM), helping organisations and MSPs enforce least privilege and evidence stronger control over administrative access.
Privileged access remains one of the most exploited paths in modern cyber incidents. Once an attacker lands on a device, their next move is typically to escalate privileges, disable protections, and expand control. Heimdal PEDM is built to break that chain by removing standing admin rights and enabling just enough administration, only when it is required, under policy, with clear accountability.
The first vendor to make PEDM Cyber Essentials-ready
Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance.
For organisations and MSPs, this closes a common gap: having policy intent, but struggling to prove consistent day-to-day enforcement across endpoints.
Turning Cyber Essentials into real controls you can enforce
Cyber Essentials is a UK Government-backed scheme that sets a baseline of technical controls to help organisations protect against common cyber threats. For many organisations, and especially those supplying the public sector or operating in supply chains, Cyber Essentials has become a practical requirement. For MSPs, it is also a repeatable baseline they can help customers implement and maintain.
Heimdal PEDM supports this by enabling organisations to:
- Remove local admin rights by default, while keeping teams productive
- Permit privilege elevation only for approved applications, tasks, and time windows
- Apply just enough administration so users get what they need, not what attackers want
- Reduce the chance of misuse, persistence, and lateral movement
- Generate auditable records of privileged actions to support governance and assurance
“Most breaches do not start with Hollywood hacking. They start with access, followed by privilege,” said Morten Kjaersgaard, Chairman & Founder at Heimdal.
“Cyber Essentials forces a basic question: who has admin rights, and why. Our answer is simple. Default to standard user, then grant just enough administration for the task, for the time needed, with proof. That is how you shut down the easiest breach path without slowing the business.”
Supporting the broader Cyber Essentials baseline
Privileged access is only one part of the Cyber Essentials baseline. Heimdal’s wider platform helps organisations strengthen related areas such as patching, malware protection, DNS threat prevention, ransomware defences, and centralised reporting, supporting a more complete security posture without tool sprawl.
Availability
The Cyber Essentials control mapping for Heimdal PEDM and supporting PEDM capabilities are available now.
This release also includes PEDM Cloud AV scanning and USB Management enhancements to improve allowlisting and tracking across environments.
To learn more, visit: here or contact: Danny Mitchell (dmi@heimdalsecurity.com).
For channel partnership enquiries, contact: James Webb (jwe@heimdalsecurity.com).
About Heimdal
Heimdal provides a unified security and compliance platform spanning prevention, detection, access control, and reporting, helping organisations reduce operational overhead and strengthen control across the attack chain.
Note: Cyber Essentials is a UK Government-backed scheme. Heimdal’s control mapping is provided to support readiness and evidence collection and does not imply endorsement by any scheme body.
If you liked this article, follow us on LinkedIn, X, Facebook, and Youtube, for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
