All our members undergo rigorous audit and accreditation processes which are meaningful market differentiators that help members to win business and access new markets.
All members feature in our searchable database, connecting them to potential clients and supporting the generation of sales leads.
Members are part of a global community of cyber security providers with access to shared knowledge, expertise and professional development, as well as benefiting from our links with governments and regulators.
Keeping information safe in today’s digital world is a serious challenge which is why all organisations want to be sure that the cyber security companies they engage to test and protect their systems are reputable and competent.
The governments, public services and businesses that buy services from our members do so in the knowledge that these companies are quality assured by us and that their staff are suitably qualified and competent.
All members sign enforceable Codes of Conduct and Ethics and agree to abide by our Complaints and Resolution Measures.
Whether you are an experienced professional, in the early stages of your career or a student considering a career in cyber security, we offer pathways to help you make the right choices and support progress.
We offer professional certification in all the main cyber security disciplines and at all levels. Our examination and career paths are developed by technical information security experts and we work with governments and regulators ensuring our certifications meet the requirements of regulated industries. We also partner with higher education institutions around the world to support students.
CREST is a global community of cyber security businesses and professionals working to keep our information safe in a digital world.
We serve almost 300 member companies worldwide and thousands of cyber security professional hold CREST certifications. We have links to governments and cyber security regulators in every global region and are engaged in initiatives and partnerships to support professionalisation and standards across the industry.
Select discipline option(s)
STAR intelligence-Led Penetration Testing are the assurance of critical functions that are likely to be subject to sophisticated and persistent attack. STAR tests use threat intelligence to deliver these attack simulations to provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attack The tests are carried out by experienced penetration testing providers on all types of organisations and are considered to be the most realistic form of assurance service within the sector. This is combined with a review of the company’s ability to recognise and react to cyber security related attacks.
Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and/or malicious to identify attack vectors, vulnerabilities and control weaknesses. It involves the use of a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities and uses the expertise of the tester to identify specific weaknesses in an organisation’s security arrangements. Penetration testing is often confused with Vulnerability Assessment.
VA is the examination of an information system or product to determine the adequacy of security measures; the identification of security deficiencies; to predict the effectiveness of the proposed security measures; and to confirm the adequacy of such measures after implementation.
Threat Intelligence is defined as contextualised output of a strategically driven process of collection and analysis of information pertaining to the identities, goals, motivations, tools and tactics of malicious entities intending to harm or undermine a targeted organisation’s operations, ICT systems or the information flowing through them. Threat Intelligence is used to carry out specialised penetration testing to deliver highly targeted attacks against organisations to simulate sophisticated threat actors.
Cyber Incident Response is the term used to describe actions undertaken when a computer network or system is compromised, or believed to be compromised. CSIR organisations can evaluate the situation and undertake the most appropriate actions to allow recovery from, and prevent reoccurrence of, the incident.
A SOC is a facility where enterprise information systems (eg. web sites, databases, data centres and servers, networks, etc) are monitored, assessed, and defended. Depending on the nature of the SOC, organisations may offer a variety of services including monitoring, detection, threat hunting, incident management, log analysis, forensic imaging, malware analysis, reverse engineering, mitigation advice and general good practice guidance.
CREST OVS is a new quality assurance standard for the web security industry. CREST OVS is aligned to both OWASP’s Application Security Verification Standard (ASVS) and its Mobile Application Security Verification Standard (MASVS).
CREST OVS is a new quality assurance standard for the web security industry. CREST OVS is aligned to OWASP’s Application Verification Security Standard (ASVS) and Mobile Application Security Verification Standard (MASVS).
CREST OVS is a new quality assurance standard for the web security industry. CREST OVS is aligned to OWASP’s Mobile Application Security Verification Standard (MASVS) and Application Verification Security Standard (ASVS).
CBEST is a Bank of England scheme delivering controlled, bespoke, cyber threat intelligence-led security testing to financial institutions. See https://www.crest-approved.org/membership/cbest/
What is it that you want to do?
What is it that you want to do?
Which industry do you operate in?
In which region do you require this service?
Which level of service do you require? Tick one or more.
Please choose atleast one level !
What is it that you want to do?
Which Government / Regulator programs do you need to find a supplier for?
What outcome do you want from a test?
What test do you require?
Assure Gvernment Schemes – Journey is a mechanism for accrediting Cyber Suppliers to conduct Cyber Audits of Aviation Organisations on behalf of the Civil Aviation Authority.
CBEST Penetration Testing is a Bank of England scheme delivering controlled, bespoke, cyber threat intelligence-led security testing to financial institutions. CBEST accredited companies and professionals demonstrate extremely high levels of technical knowledge, skill and competency.
CBEST Threat Intelligence is is a Bank of England scheme delivering controlled, bespoke, cyber threat intelligence-led security testing to financial institutions. CBEST accredited companies and professionals demonstrate extremely high levels of technical knowledge, skill and competency.
These members have met the requirements for the NCSC CIE offering additional assurance around their capability to perform Cyber Incident Exercising services in accordance with the NCSC CIE Technical Standard
Please note, list only displays those CIR members that are also members of CREST. The NCSC and CPNI certified Cyber Incident Response scheme is small and focused Government-run initiative where capable industry partners deliver services focused on responding to sophisticated, targeted attacks against networks of national significance. It operates in parallel with the CREST Cyber Security Incident Response scheme set up to ensure appropriate standards for incident response.
These members have met the requirements for the NCSC CIRL2 offering additional assurance around their capability to perform incident response services in accordance with the NCSC CIR L2 Technical Standard
Be confident that you are engaging with qualified service providers to assess and improve your cybersecurity posture through a CIS Controls-accredited organization when choosing one of these members
STAR-FS Intelligence-Led Penetration Testing is a framework for intelligence-led penetration testing of the financial sector that mimics the actions of cyber threat actors’ intent on compromising an organisation’s important business services and the technology assets and people supporting those services.
It is used by Regulators to ensure the same rigour whilst reducing their role in its delivery.
STAR-FS Threat Intelligence utilises commercially available threat intelligence services to define realistic and current threat scenarios that will be utilised by the penetration testing teams to replicate real world attacks to operational systems.
Which country do you operate in?
Are you looking for an official NCSC standard or a CREST standard?