European Cybersecurity Skills Framework

Improving standardisation across Europe

As a strong supporter of standardisation in the cyber industry, we've joined forces with the European Union Agency for Cybersecurity (ENISA) to map our certifications to its European Cyber Security Framework (ECSF).

As part of a team of leading bodies in the industry, we've mapped our certifications against the framework to better support individuals in their career progression, and enable organisations and training providers to provide improved services for clients and training for their employees.

The ECSF has been developed to provide a common understanding of cyber security roles across the European Cyber Security landscape.

Please note: the recommendations are based on the coverage of knowledge and skills topics for each role, rather than coverage of tasks, and are limited to roles where CREST certifications provide a high level of coverage.

Cyber roles and capabilities often overlap and the ECSF is no different. The mapping of ECSF roles to CREST certifications considers a multi-skilled approach and offers alignment to additional roles and skills which may benefit organisations and individuals as they plan their capability development.

Mapping methodology: CREST offers certifications in three curriculum areas (Penetration Testing, Threat Intelligence and Incident Response) and at three levels: Practitioner (Introductory), Registered (Intermediate) and Certified (Advanced). The more advanced the exam, the more technical detail will be assessed, which will determine the capability and expertise of the candidate.

To find out more about CREST certifications that are mapped to the ECSF, please contact [email protected]


Please see The ECSF Role Profiles document for information on the roles and their skills, tasks and knowledge.

CREST certifications aligned to the ECSF

Penetration Testing

 

| Level | Certification | ECSF role | ECSF role | ECSF role | ECSF role |
| --- | --- | --- | --- | --- | --- |
| Practitioner | CREST Practitioner Security Analyst (CPSA) | | | | |
| Registered | CREST Registered Penetration Tester (CRT) | | | | |
| Certified | CREST Certified Tester - Infrastructure (CCT INF) | | | | |
| Certified | CREST Certified Tester - Application (CCT APP) | | | | |
| Certified | CREST Certified Simulated Attack Specialist (CCSAS) | | | | |
| Certified | CREST Certified Simulated Attack Manager (CCSAM) | | | | |

 

Whilst the Penetration Testing ECSF role has the highest mapping correlation, there is some alignment at Registered Level and significant alignment at the Certified Level to:  

 

Cybersecurity Implementer  

Skills:

– Conduct detailed Pen Tests and Vulnerability Assessments
– Network configuration
– Security

 

Cybersecurity Researcher 

Skills:

– Understand legal and regulatory frameworks
– Identify new threats and vulnerabilities
– Monitor advances in security-related technologies

 

Cybersecurity Risk Manager 

Skills:

– Contextualize cybersecurity risks to relevant stakeholders
– Monitor and evaluate the effectiveness of security controls
– Recommend best practices

Threat Intelligence

 

| Level | Certification | ECSF role | ECSF role |
| --- | --- | --- | --- |
| Practitioner | CREST Practitioner Threat Intelligence Analyst (CPTIA) | | |
| Registered | CREST Registered Threat Intelligence Analyst (CRTIA) | | |
| Certified | CREST Certified Threat Intelligence Manager (CCTIM) | | |

 

Whilst the Threat Intelligence ECSF role has the highest mapping correlation, there is also significant alignment at the Certified Level to:  

 

Cybersecurity Risk Manager 

Skills:

– Contextualize cyber security risks to relevant stakeholders
– Communicate, present and report to relevant stakeholders
– Recommend best practices

Incident Response

 

| Level | Certification | ECSF role | ECSF role |
| --- | --- | --- | --- |
| Practitioner | CREST Practitioner Intrusion Analyst (CPIA) | | |
| Registered | CREST Registered Intrusion Analyst (CRIA) | | |
| Certified | CREST Certified Incident Manager (CCIM) | | |

 

Whilst the Incident Response ECSF role has the highest mapping correlation, there is also significant alignment at the Certified Level to:  

 

Cybersecurity Risk Manager 

Skills:

– Contextualize cyber security risks to relevant stakeholders
– Communicate, present and report to relevant stakeholders
– Recommend best practices