CBEST 2016 logo

Working alongside the UK central Bank, the Bank of England (BoE), CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions.  CBEST is the first of initiative of its type to be led by any of the world’s central banks.

CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence based, is less constrained and focuses on the more sophisticated and persistent attacks against critical systems and essential services.  The inclusion of specific cyber threat intelligence will ensure that that the tests replicate as closely as possible the evolving threat landscape and therefore will remain relevant and up to date.

CREST helped to develop the new accreditation standards for CBEST penetration testing, based on the already stringent standards for assessing the capabilities, policies and procedures that CREST member companies have to achieve. CBEST accredited professionals also need to demonstrate extremely high levels of technical knowledge, skill and competency.


A list of CBEST approved suppliers is available here.

Details of the CREST approved providers of intelligence-led penetration testing and cyber threat intelligence can be found as follows:

These organisations will be described as being CREST STAR members to allow the scheme to be extended beyond financial services to other parts of the critical national infrastructure.

An introduction to the CBEST framework is available here.

The CBEST Implementation Guide provides an overview of the CBEST Scheme and how it will be implemented with the support of the security services industry.  It also provides practical advice on how the services under the CBEST Scheme can be procured.  It can be viewed here.

Answers to some frequently asked questions are available here.

Details on the criteria a company must comply with to become a CBEST Provider, for Penetration Testing and/or Threat Intelligence, are available here.

In addition to the documents above, the following are also available under NDA:

CBEST Threat Intelligence Framework: Threat Intelligence Concept of Operations
This document defines best practice standards for the production and consumption of threat intelligence. It is intended to provide CBEST with a foundation for defining and executing intelligence-led cyber threat vulnerability tests in conjunction with accredited suppliers of threat intelligence products and services.

CBEST Threat Intelligence Framework: Qualities of a threat intelligence provider
This document defines a set of qualities that participants should consider when selecting a threat intelligence provider for the purposes of conducting a CBEST test.  CBEST stakeholders can use this document to ensure that the selection of a threat intelligence provider will meet the criteria set out by the programme.

CBEST Threat Intelligence Framework: Threat Model
This document defines an analytical model of cyber threat intelligence in terms of a threat entity’s goal orientation, the capabilities it uses to pursue its goals and its modus operandi.  The model will act as a common guiding template for conducting a cyber threat assessment that will be used by security testers to define a set of realistic and threat-informed cyber attack test scenarios.

Please contact [email protected] for details.