As a strong supporter of standardisation in the cyber industry, we've joined forces with The European Union Agency for Cybersecurity (ENISA) to map our certifications to its European Cyber Security Framework (ECSF).
As part of a team of leading bodies in the industry, we've mapped our certifications against the framework to better support individuals in their career progression, and enable organisations and training providers to provide improved services for clients and training for their employees.
The ECSF has been developed to provide a common understanding of cyber security roles across the European Cyber Security landscape.
Please note: the recommendations are based on the coverage of knowledge and skills topics for each role, rather than coverage of tasks, and are limited to roles where CREST certifications provide a high level of coverage.
Cyber roles and capabilities often overlap and the ECSF is no different. The mapping of ECSF roles to CREST certifications considers a multi-skilled approach and offers alignment to additional roles and skills which may benefit organisations and individuals as they plan their capability development.
Mapping methodology: CREST offers certifications in 3 curriculum areas. Penetration Testing, Threat Intelligence and Incident Response and at three levels Practitioner (Introductory), Registered (Intermediate) and Certified (Advanced). The more advanced the exam then the more technical detail will be assessed which will determine the capability and expertise of the candidate.
To find out more about CREST certifications that are mapped to the ECSF, please contact [email protected]
Please see The ECSF Role Profiles document for information on the roles and their skills, tasks and knowledge.
Level | Certification | ECSF role | ECSF role | ECSF role | ECSF role |
---|---|---|---|---|---|
Practitioner | CREST Practitioner Security Analyst (CPSA) | ||||
Registered | CREST Registered Penetration Tester (CRT) | ||||
Certified | CREST Certified Tester - Infrastructure (CCT INF) | ||||
Certified | CREST Certified Tester - Application (CCT APP) | ||||
Certified | CREST Certified Simulated Attack Specialist (CCSAS) | ||||
Certified | CREST Certified Simulated Attack Manager (CCSAM) |
Whilst the Penetration Testing ECSF role has the highest mapping correlation, there is some alignment at Registered Level and significant alignment at the Certified Level to:
Cybersecurity Implementer
Skills:
– Conduct detailed Pen Tests and Vulnerability Assessments
– Network configuration
– Security
Cybersecurity Researcher
Skills:
– Understand legal and regulatory frameworks
– Identify new threats and vulnerabilities
– Monitor advances in security-related technologies
Cybersecurity Risk Manager
Skills:
– Contextualize cybersecurity risks to relevant stakeholders
– Monitor and evaluate the effectiveness of security controls
– Recommend best practices
Level | Certification | ECSF role | ECSF role |
---|---|---|---|
Practitioner | CREST Practitioner Threat Intelligence Analyst (CPTIA) | ||
Registered | CREST Registered Threat Intelligence Analyst (CRTIA) | ||
Certified | CREST Certified Threat Intelligence Manager (CCTIM) |
Whilst the Threat Intelligence ECSF role has the highest mapping correlation, there is also significant alignment at the Certified Level to:
Cybersecurity Risk Manager
Skills:
– Contextualize cyber security risks to relevant stakeholders
– Communicate, present and report to relevant stakeholders
– Recommend best practices
Level | Certification | ECSF role | ECSF role |
---|---|---|---|
Practitioner | CREST Practitioner Intrusion Analyst (CPIA) | ||
Registered | CREST Registered Intrusion Analyst (CRIA) | ||
Certified | CREST Certified Incident Manager (CCIM) |
Whilst the Incident Response ECSF role has the highest mapping correlation, there is also significant alignment at the Certified Level to:
Cybersecurity Risk Manager
Skills:
– Contextualize cyber security risks to relevant stakeholders
– Communicate, present and report to relevant stakeholders
– Recommend best practices