The effectiveness of a penetration testing programme should be regularly evaluated against approved and consistent criteria to determine if objectives have met and ensure value for money.
CREST has developed a suite of maturity assessment tools to help assess the status of a penetration testing programme on the industry standard scale of 1 (least effective) to 5 (most effective). The suite consists of three spreadsheet-based maturity assessment tools enabling an assessment to be made at a summary, intermediate or detailed level. The consolidated tool (which is macro-driven) will enable a selection of approaches to be adopted using just one tool.
A detailed overview of the maturity assessment tool can be downloaded here: Maturity Model Guide (PDF)
The tool itself can be downloaded as follows: