CREST have publicly released their Accreditation Standards, which include the standard for Penetration Testing. Our Director, Tim Reed, has been working closely with CREST on the development of this new Accreditation Standard. Member companies must meet the requirements set out in the standard in order to deliver accredited services.
Our close collaboration with CREST in creating this standard is a testament to our expertise and commitment to enhancing penetration testing practices and ensuring that our clients receive the highest quality of penetration testing services.
Who are CREST?
CREST is a non-profit organisation that sets the benchmark for cyber security professionals and organisations. The new CREST Penetration Testing Accreditation Standard is a publicly available document that defines the requirements for member companies to ensure they adhere to industry best practices.
Overview of the Accreditation Standard
The CREST Penetration Testing Accreditation Requirements are designed to ensure that member companies provide the best possible services to their clients. The requirements are broken down into six specific areas, or “domains,” each addressing a critical aspect of penetration testing:
- Preparation: This domain lays the foundation for successful penetration testing projects, covering aspects such as NDAs, contracts, information security controls, and pre-engagement briefings with clients.
- Scoping: Ensures that all client requirements are documented and adhered to within the project scope, and establishes clear communication channels between member companies and their clients, covering incident response planning, monitoring, communication and data transmission.
- Assignment execution: Focuses on following a clearly defined methodology for delivering services in line with industry best practices, on ensuring the security of sensitive client information and the testing environment, and on the member company having clear exploitation procedures.
- Post-technical delivery and reporting: Aims to ensure high-quality project reporting and QA, with clear communication of any identified vulnerabilities to clients and a defined system for rating the severity of findings.
- People: Emphasizes the importance of technical expertise, continuous learning, and community engagement among team members.
- Technology and tools: Ensures that the tools used are up-to-date, effective, and secure, and requires the member company to use an effective blend of automated and manual techniques.
Key features of the Accreditation Standard
The new standard focuses on several key areas to ensure the highest quality of penetration testing services and to reinforce the value of penetration testing as a vital part of any cyber security programme:
- Client requirements: Ensuring that client requirements are identified and met with appropriate services, providing the most value and impact for money.
- Client communications: Defining clear communication channels to ensure clients have the information they need to make the most of their penetration testing engagements.
- Security of testing environments and client data: Ensuring that client data is safe and secure throughout the testing process.
- Comprehensive approach: A structured approach to conducting penetration tests, ensuring that vulnerabilities are uncovered and addressed, leading to a stronger security posture and reduced risk of breaches.
- Continuous improvement: Encouraging continuous learning and improvement among team members to keep up with and drive security advancements.
- Community engagement: Supporting the broader cybersecurity community through activities such as attending events, publishing research, and developing open-source tools.
Benefits of working with a CREST-approved company
Choosing a company like Sentrium for your CREST penetration testing needs offers several benefits:
- Formal scoping procedures: Ensuring that your requirements are met and principal security concerns are addressed.
- Consistent quality and professionalism: Assurance of high-quality, secure, and professional penetration testing services.
- Increased trust: Adherence to industry best practices and legal requirements increases trust in the services provided.
- Improved vulnerability identification: Detailed and transparent methodologies and reporting improve vulnerability identification and risk management.
Conclusion
At Sentrium, we are dedicated to providing top-notch penetration testing services that adhere to the highest standards. Our involvement in developing the new CREST Penetration Testing Accreditation Standard is a testament to our expertise and commitment to the cybersecurity community. We encourage clients to choose certified companies like Sentrium for their cybersecurity needs. If you have any requirements, please get in touch with us.