Get more info about setting up a new chapter in your area.
Candidates who wish to have equivalent status granted will be required to submit evidence of their OSCP exam pass including their Security Certificate Holder Student ID to CREST for validation. To apply, please email [email protected].
CRT equivalency will be granted where the candidate has taken and passed the OSCP certification within three (3) years* of the date that they apply to CREST for recognition and provided that they also hold a valid pass in the CREST Practitioner Security Analyst (CPSA) qualification. The CPSA qualification may not have been attained under any other equivalency programme. CRT equivalency will be granted from the date that the CPSA qualification was issued.
Eligible candidates that submit an application for equivalency will be required to sign the CREST Code of Conduct for Qualified Individuals. As part of this Code of Conduct, candidates will be required to attest that they are familiar and will comply with the local legal and regulatory requirements for delivering assessments in region.
The time from initial application to CREST CRT equivalency being granted is expected to be five (5) weeks.
Candidates that have been awarded OSCP status more than three (3) years ago will not be eligible for CRT equivalency but please read the Extensions provision below. Candidates that have passed a CREST certification historically will not be eligible to renew their CREST certification through the OSCP route. These candidates will be required to take their CRT reassessment examinations directly with CREST.
By applying to CREST for equivalency, candidates authorise CREST and its equivalency programme partner to share information about the candidate’s training and examination history.
Individuals who are eligible for CRT through an equivalency programme will be excluded from CREST’s submission to the NCSC as part of the UK Government’s CHECK scheme. Candidates operating in the UK that wish to achieve CHECK Team Member status will be required to pass a CREST Registered Penetration Tester examination directly with CREST in line with UK Government requirements.
Candidates will be required to pay a £100 administration fee (or 150USD / 185AUD / 185SGD) which will cover the processing of their application. If this the administration fee is not paid within 30 days, the application will be declined and a new application will need to be submitted.
To retain the CREST CRT qualification, candidates will be required to take the CREST CPSA along with either the OSCP or CREST CRT exams on a three-year cycle. CRT equivalency renewal will be granted from the date that the CPSA qualification was issued.
Re-Certifying with OSCP
OffSec’s certifications such as the OSCP do not expire: once a candidate earns them, they are valid indefinitely. However, as CREST requires individuals that apply for a CRT equivalency to have taken and passed the OSCP certification within three (3) years of the date that they apply to CREST for recognition, OffSec offers a program whereby OSCP-certified individuals can re-take the OSCP exam for the price of a standard exam re-take – 100 GBP / 115 EUR / 150 USD / 185 AUD. This way, the OSCP can be re-issued within the time period required by the CRT equivalency program.
To take part in this program, if a candidate has earned OSCP three or more years ago, they should contact [email protected] with their OSID and make the request to re-take the OSCP exam in support of CREST equivalency; they will then provide the necessary instructions.