CREST is a Delivery Partner for a new National Cyber Security Centre (NCSC) scheme to help you find high-quality providers of cyber incident exercising services. The NCSC Cyber Incident Exercising (CIE) scheme gives customers confidence that CIE Assured Service Providers meet the NCSC’s rigorous standards for cyber incident exercising.
Assured cyber incident exercising providers will deliver controlled, scenario-based, tailored exercises that simulate cyber incidents. This will allow a wide range of UK businesses, charities, the public sector and government organisations to rehearse, evaluate and improve their cyber incident response plans.
These providers are assured under the Cyber Incident Exercising Scheme to offer two key forms of cyber incident exercising:
Table-top exercises
Discussion-based sessions bring together relevant teams to discuss their roles and responsibilities, expected activities, and key decision points in accordance with an incident response plan. This will be facilitated by the assured Cyber Incident Exercising provider and driven by a cyber incident scenario.
Live-play exercises
Team members execute their regular roles and responsibilities in response to controlled injects that represent a given cyber incident scenario. Activities and decisions happen in close to real time. Live-play exercises are best suited to mature organisations looking for in-depth validation of incident response plans.
Applications are open to companies regardless of their membership with CREST.
Applications are completed via the CREST Membership Application Portal and reviewed by CREST using criteria agreed with the NCSC.
You should familiarise yourself with the NCSC CIE Technical Standard before starting the application process: https://www.ncsc.gov.uk/information/cie-standard
If you are ready to start the process, please contact: [email protected]
To find an Assured Service Provider, you can:
Companies operating with a registered office in the UK and staff located physically within the UK.
*CREST Members will also be promoted via the CREST Find a Supplier functionality.
UK businesses, charities, public sector and government organisations wanting to exercise within their organisational boundaries.
For non-CREST members there is an annual cost of £1,200.00.* For existing CREST members there is a one-off application cost of £1,200.00.
*To help support an increase in capacity and capability, discounts are available to micro-businesses with an annual revenue of less than £500,000.00. If you think you are eligible for this, please contact [email protected] for more details.
No, CREST membership is not required to join the scheme.
CREST is a Delivery Partner operating the scheme on behalf of the NCSC.
Your Assured Service Provider status will last for 12 months and is renewed annually.
You will need to carry out a refresher renewal annually with a full renewal every 3 years.
Periodic reviews may also take place in the event of changes to the NCSC CIE Technical Standard.
The assessment process will be concluded within 6 weeks of a completed submission, subject to any feedback and resubmissions.
You will be asked to provide a response to questions designed to assess your company, employees and the governance around delivering Cyber Incident Exercising Services.
This includes elements such as, but not limited to:
The NCSC CIE Technical Standard outlines the standard required of Assured Service Providers when delivering incident exercising services to Target Organisations.
References to the standard are contained within the application form, and therefore you should familiarise yourself with the content.
The NCSC CIE Technical Standard is available on the NCSC Website: https://www.ncsc.gov.uk/information/cie-standard
Your team will need a team lead who has an appropriate level of experience in leading cyber incident exercises.
Initially, this will not be tied to a particular examination or certification, but instead a holistic review of the skills, experience, and competence of the individual via the CREST Skilled Person Register.
For example, the team lead has three years’ worth of experience leading external cyber incident exercises.
Applications can be started using the CREST Membership Application Portal. Access to this is typically granted to the person who initially completed your application to join CREST.
If you are unsure of who this person is, please contact [email protected] for further guidance.
Applications can be started using our online portal, known as the CREST Membership Application Portal. An account can be created for you to facilitate your application.
Please contact [email protected] to get started.
Yes, you can opt to join CREST as part of the process.
To find out more please contact [email protected]