OSCP and CRT Equivalency
CREST Registered Penetration Tester equivalency for OSCP Certified Candidates
CREST and Offensive Security are delighted to work together to drive greater confidence in the capabilities of the penetration testing industry. In July 2015, both parties entered into a partnership which allowed Offensive Security OSCP certified individuals to be granted CREST Registered Penetration Tester (CRT) equivalency.
Offensive Security OSCP Candidates – Instructions for CREST Equivalency
Candidates that wish to have equivalent status granted will be required to submit a current CV/resumé, along with evidence of their OSCP exam pass (including Offensive Security ID) to CREST for validation (please email [email protected]). CRT equivalency will be granted where the candidate has taken and passed the OSCP certification within three (3) years of the date that they apply to CREST for registration. Candidates that have been awarded OSCP status more than three (3) years ago will not be eligible for CRT equivalency. Candidates that have passed a CREST certification historically will not be eligible to renew their CREST certification through the OSCP route. These candidates will be required to take their CRT reassessment examinations directly with CREST.
Individuals seeking the more specialized CREST Certified Tester qualifications (CCT) must apply in the normal way. Please see How to Book Your Examination
• OSCP Taken First, no existing CREST Certifications
Candidates must provide evidence of OSCP examination pass and pay the £375 fee to CREST. CREST will then issue candidate with a voucher that will give the candidate eligibility to sit the CREST CPSA examination at a Pearson Vue Test Centre. On passing the examination, CREST will issue CRT equivalency.
• CPSA taken before or alongside OSCP
Candidates that take CPSA first and then take their OSCP are eligible to be granted CRT equivalency. There is a £100 processing fee for candidates pursuing this approach. This covers the exam checks that take place between CREST and Offensive security. After paying £100 and on receipt of appropriate exam checks from Offensive Security, candidates will be awarded the CRT certification. The CRT certification will be valid either for four years from the date that the candidate obtained OSCP certification, or for three years from the date that the candidate obtained the equivalency, whichever occurs first. The equivalency date counts from when the required processing fee is received by CREST.
Candidates that wish to have equivalent status granted will be required to submit a current resumé, along with evidence of their OSCP exam pass, (including Offensive Security ID) to CREST for validation. Eligible candidates that submit an application for equivalency will be required to sign the CREST Code of Conduct for Qualified Individuals. As part of this Code of Conduct, candidates will be required to attest that they are familiar and will comply with the local legal and regulatory requirements for delivering assessments in region. On signing this document, CRT equivalency will be granted for a fixed term duration. The time from initial application to CREST CRT equivalency being granted is expected to be five (5) weeks.
Within six (6) months of being granted CREST CRT equivalence, the candidate will be required to pass the CREST CPSA examination.
Candidates will be required to pay a £375 (or $500USD) administrative fee which will cover the processing of their application, along with one attempt at the CREST CPSA exam.
CREST CRT equivalency will be for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first. CRT equivalency will terminate on the fourth anniversary of the OSCP certification award date or three (3) years after the equivalence was issued, whichever comes first, and candidates will be required to take the CREST CRT exam to maintain CREST CRT status. CREST will require candidates that have been awarded CRT equivalency to pass the CREST CPSA examination within six (6) months of CRT equivalency being granted. If the candidate fails to pass the CPSA exam within the six (6) month window, then CRT equivalency will be revoked. Candidates may re-apply one more time for equivalency recognition and the same criteria above will apply. For the avoidance of doubt, equivalency will only be granted without having passed the CPSA examination for a maximum of 12 months.
Individuals that are eligible for CRT through the Offensive OSCP equivalency program will be excluded from CREST’s submission to the NCSC as part of the UK Government’s CHECK scheme. Candidates operating in the UK that wish to achieve CHECK Team Member status will be required to pass a CREST Registered Penetration Tester exam directly with CREST in line with UK government requirements.
EQUIVALENCY TO OTHER CERTIFICATIONS
At the request of the candidate, CREST currently passes CRT approved candidates’ details to the UK Government’s CHECK scheme for recognition as a CHECK Team Member. Candidates that are awarded CRT equivalency through the OSCP certification will NOT be eligible to be passed to the NCSC for acceptance on to the CHECK scheme. Instead, candidates that wish to be recognised as CHECK Team Members will be required to pass CREST Registered Penetration Testing examinations, or sit one of the NCSC’s other recognised certification programs, for acceptance on to the CHECK scheme.
By applying to CREST for CRT equivalency, Offensive Security candidates authorise CREST and Offensive security to share information about the candidates training and exam history.
CPSA EXAMINATION DETAILS
Candidates will be required to take the CPSA examination within six (6) months from being granted CRT equivalency. The CPSA examination is delivered at Pearson Vue test centres globally.
Once candidates have passed the CPSA exam, they will be issued with a CREST CRT certificate that will be valid for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first.
Candidates that fail the CPSA exam on their first attempt will be allowed to re-sit the examination after seven (7) days have passed from the initial exam attempt. Each resit will be charged at £275 per resit attempt. There are limits placed on the number of re-sit attempts that a candidate can take – please refer to the Examination FAQs. Please also note that candidates must achieve a pass score within six (6) months of the original CREST application or the equivalency status will be revoked. As previously stated, candidates may re-apply for equivalency recognition one more time and the same criteria above will apply. For the avoidance of doubt, equivalency will only be granted without having passed the CPSA examination for a maximum of 12 months.