CREST Registered Penetration Tester (CRT Pen) equivalency for OSCP Certified Candidates
CREST and Offensive Security are delighted to be working together to drive greater confidence in the capabilities of the Penetration Testing industry. In July 2015, both parties entered in to a partnership which allows Offensive Security OSCP certified individuals to be granted CREST CRT (Pen) equivalency.
Since June 2016, the CRT and CPSA examinations have undergone a series of changes. The CPSA is now a multiple choice only examination delivered entirely through the Pearson Vue testing centre network. This examination is a pre-requisite to the CRT examination, which is a 100% practical examination, delivered at CREST testing centres.
These changes have understandably brought about a series of questions about how the three examinations work in conjunction with another. You are advised to read the Guidance here on how candidates should navigate this new exam structure.
OFFENSIVE SECURITY OSCP CANDIDATES – INSTRUCTIONS FOR CREST CRT (Pen) EQUIVALENCY:
Candidates that wish to have equivalent status granted will be required to submit a current CV/resumé, along with evidence of their OSCP exam pass (including Offensive Security ID) to CREST for validation. CRT equivalency will be granted where the candidate has taken and passed the OSCP certification within three (3) years of the date that they apply to CREST for registration. Candidates that have been awarded OSCP status more than three (3) years ago will not be eligible for CRT equivalency. Candidates that have passed a CREST certification historically will not be eligible to renew their CREST certification through the OSCP route. These candidates will be required to take their CRT reassessment examinations directly with CREST.
Individuals seeking the more specialized CREST Certified Tester qualifications (CCT) must apply in the normal way. Click here for the Examinations Booking page.
OSCP Taken First, (No existing CREST Certifications)
Provide evidence of OSCP examination pass and pay £350 (or US$500) fee to CREST. CREST will then issue candidate with a voucher that will give the candidate eligibility to sit the CREST CPSA examination at a Pearson Vue Test Centre. On passing the examination, CREST will issue CRT (PEN) equivalency.
Current CREST CPSA taken first (pre 6th June 2016). OSCP taken second
Candidates that have old style CPSA exams are not able to use these as part of the OSCP to CRT equivalency programme. The CPSA exam experienced significant changes in May 2016, and consequently the question bank has experienced significant change. Candidates that have an old CPSA certification and that are awarded an OSCP certification are encouraged to apply for CRT equivalency under the standard OSCP/CRT equivalency programme. After paying a £350 (or US$500) administration fee, candidates will be given a voucher that will entitle them to take the CPSA top up examination at a Pearson Vue Test Centre.
New CPSA taken alongside OSCP
Candidates that take CPSA first and then take their OSCP are eligible to be granted CRT (Pen) equivalency. There is a £100 processing fee (or US$135) for candidates pursuing this approach. This covers the exam checks that take place between CREST and Offensive security. After paying £100 (or US$135) and on receipt of appropriate exam checks from Offensive Security, candidates will be awarded CRT (Pen) certifications.
Individuals that are eligible for CRT (Pen) through the Offensive OSCP equivalency program will be excluded from CREST’s submission to the NCSC as part of the CHECK scheme. Candidates operating in the UK that wish to achieve CHECK Team Member status will be required to pass a CREST CRT (Pen) exam directly with CREST in line with UK government requirements.
Eligible candidates that submit an application for equivalency will be required to sign the CREST Code of Conduct for Individuals. This is available from the Portal. As part of this Code of Conduct, candidates will be required to attest that they are familiar and will comply with the local legal and regulatory requirements for delivering assessments in region. On signing this document, CRT (Pen) equivalency will be granted for a fixed term duration. The time from initial application to CREST CRT equivalency being granted is expected to be five (5) weeks. Within six (6) months of being awarded CREST CRT (Pen) equivalence, the candidate will be required to sit a CREST CPSA examination.
Candidates will be required to pay a £350 (or $500USD) administrative fee which will cover the processing of their application, along with one attempt at a CREST top-up exam.
CREST CRT (Pen) equivalency will be for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first. CRT (Pen) equivalency will terminate on the fourth anniversary of the OSCP certification award date or three (3) years after the equivalence was issued, whichever comes first, and candidates will be required to take the CREST CRT (Pen) exam to maintain CREST CRT (Pen) status. CREST will require candidates that have been awarded CRT (Pen) equivalency to take the CREST CPSA examination within six (6) months of CRT equivalency being granted. If the candidate fails to pass the CPSA exam within the six (6) month window, then CRT (Pen) equivalency will be revoked.
Equivalency to other certifications
At the request of the candidate CREST currently passes CRT (Pen) approved candidates to the UK Government the NCSC CHECK scheme for recognition as a CHECK Team Member. Candidates that are awarded CRT (Pen) equivalency through the OSCP certification will NOT be eligible to be passed to the NCSC for acceptance on to the CHECK scheme. Instead, candidates that wish to be recognised as CHECK Team Members will be required to pass the CREST Registered Penetration Testing examination for acceptance on to the CHECK scheme, or sit one of NCSC’s other recognised certification programs.
By applying to CREST for CRT (Pen) equivalency, Offensive Security candidates authorise CREST and Offensive security to share information about the candidates training and exam history.
CPSA Examination Details
Candidates will be required to take the CPSA examination within six (6) months from being awarded CRT equivalency. This was previously referred to as the OSCP/CRT top-up exam.
During this time period, candidates will be issued with a CRT (Pen) Certificate that will be valid for six (6) months.
Candidates can sit the CPSA examination in multiple test centres geographically dispersed across the world. Full details on the examination, including the syllabus, can be downloaded from the CPSA examination page.
Once candidates have passed the CPSA exam, they will be issued with a new CREST CRT (Pen) certificate that will be valid for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first.
Candidates that fail the CPSA exam on their first attempt will be allowed to re-sit the examination after seven (7) days have passed from the initial exam attempt. Each resit will be charged at £250 (or US$400) per resit attempt. Please note that the candidate must have achieved a pass score within six (6) months of the original CREST application. If a candidate fails the CPSA examination four times, they must wait six months before attempting to retake it – please read the CREST Examination Terms and Conditions for further information.