NCSC (CHECK)

CHECK is a UK Government programme under which the National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ) approves cyber security service providers to carry out authorised penetration tests of public sector and critical national infrastructure (CNI) systems and networks.

Companies providing CHECK services must do so using staff who hold UK Cyber Security Council (CSC) approved qualifications and have suitable experience. Penetration tests must be conducted using NCSC-recognised methods.

CREST works in collaboration with the CSC to provide a set of examinations that are acceptable and meet the requirements of private and public sectors.

The CSC will require all CHECK Team Leaders and Members to have passed an approved professional examination and to be awarded a Professional Title at either Chartered or Principal for CHECK Team Leader or Practitioner for CHECK TEAM Member.

CSC will accept a pass from one of the following CREST examinations as part of Chartership Applications, however approvals for CHECK status will remain with NCSC.

• CHECK Team Leader (Infrastructure) – CREST Certified Infrastructure Tester (CCT Inf)
• CHECK Team Leader (Web Applications) – CREST Certified Web Application Tester (CCT App)
• CHECK Team Member – CREST Registered Penetration Tester (CRT)

A pass in any one of these examinations merely demonstrates technical competence and does not replace the other requirements to attain CHECK Team Leader/Team Member status.

More information on the CHECK scheme can be found at CHECK – penetration testing – NCSC.GOV.UK.