Penetration Testing Maturity Assessment Tools

The effectiveness of a penetration testing programme should be regularly evaluated against approved and consistent criteria to determine if objectives have met and ensure value for money.

CREST has developed a suite of maturity assessment tools to help assess the status of a penetration testing programme on the industry standard scale of 1 (least effective) to 5 (most effective).  The suite consists of three spreadsheet-based maturity assessment tools enabling an assessment to be made at a summary, intermediate or detailed level.  The consolidated tool (which is macro-driven) will enable a selection of approaches to be adopted using just one tool.

A detailed overview of the maturity assessment tool can be downloaded here:  Maturity Model Guide  (PDF)

The tool itself can be downloaded as follows:

Penetration Testing Maturity Model (macro-enabled)
Penetration Testing Maturity Model – Intermediate Level
Penetration Testing Maturity Model – Summary Level