Applications now open for CREST CTI, TISA and TLPT accreditations 

March 2026

First introduced in November 2025, these updated standards are now live and available for application. They also introduce revised naming to reflect how these services are delivered in practice: 

• TISA (Threat Intelligence for Simulated Attack) — formerly STAR TI 
• TLPT (Threat-Led Penetration Testing) — formerly STAR ILPT 

Quick links: 

Start your application: 

• Existing CREST Members
• New to CREST

Learn more: 

• Benefits of our new Standards 
• Download the accreditation standards 

What’s new? 

The updated standards bring threat intelligence and testing into a more structured, connected model: 

CTI → TISA → TLPT 

• CTI focuses on threat intelligence capability 
• TISA focuses on how intelligence is applied to testing 
• TLPT focuses on the delivery of threat-led testing 

This reflects how these services operate in practice, particularly in regulated and enterprise environments. 

As Jonathan Armstrong, Head of Product at CREST, explains: 

“These standards have been updated to reflect current expectations across regulated and enterprise environments, where organisations are increasingly required to demonstrate capability in a structured, verifiable way.” 

What each accreditation covers 

CTI: Cyber Threat Intelligence 

CTI focuses on how intelligence functions are structured and delivered, including: 

• Governance and lifecycle management 
• Ethical and legal use of intelligence 
• Analytical quality and outputs 

It provides a foundation for progression to TISA and TLPT. 

TISA and TLPT: intelligence-led testing 

TISA and TLPT focus on how intelligence is applied and delivered within testing. Together, they assess an organisation’s ability to: 

• Develop credible threat scenarios 
• Apply intelligence to testing design 
• Deliver testing consistently 
• Align with frameworks such as CBEST, TIBER and DORA 

Who this is for 

These new standards support organisations at different stages: 

• Existing CREST Members: extend your capability and strengthen positioning in regulated and enterprise markets 
• Organisations part of CREST’s Pathway and Pathway+ programme: progress from development to accreditation with a clearer structure 
• New providers: establish a recognised entry point and demonstrate capability in a consistent format 

Applications for all three Standards are now open 

Applying now allows organisations to review requirements, prepare internally, and engage with CREST ahead of assessment. 

Important: deadlines and transitions 

• Applications in progress for STAR TI and STAR ILPT must be submitted before the transition deadline 01 June 2026 
• All new applications should now be made under TISA and TLPT 
• If you have already started, review the updated standards to ensure alignment 

If you are unsure which route applies, CREST can advise. Contact the CREST Accreditation team for guidance: https://support.crest.org/  

Next steps 

If your organisation delivers, or is developing, threat intelligence or intelligence-led testing services, you can begin the process now. 

1. Start your application:

• Existing CREST Member
• New CREST Member

2. Download the standards 

3. Contact the CREST Accreditations team for guidance