OSCP and CRT Equivalency
CREST Registered Penetration Tester equivalency for OSCP Certified Candidates
CREST and Offensive Security are delighted to work together to drive greater confidence in the capabilities of the penetration testing industry. In July 2015, both parties entered into a partnership which allowed Offensive Security OSCP certified individuals to be granted CREST Registered Penetration Tester (CRT) equivalency.
In 2016, CREST further announced that the CRT examination and CPSA would undergo a series of changes. For examinations delivered after June 6th 2016, the CPSA will become a multiple choice only examination delivered entirely through the Pearson Vue testing centre network. This examination will become a pre-requisite to the CRT examination, which in turn will become a 100% practical examination, delivered at CREST testing centres.
These changes have understandably brought about a series of questions about how the three examinations work in conjunction with another. You are advised to read the Guidance here on how candidates should navigate this new exam structure.
Offensive Security OSCP Candidates – Instructions for CREST Equivalency
Candidates that wish to have equivalent status granted will be required to submit a current CV/resumé, along with evidence of their OSCP exam pass (including Offensive Security ID) to CREST for validation (please email [email protected]). CRT equivalency will be granted where the candidate has taken and passed the OSCP certification within three (3) years of the date that they apply to CREST for registration. Candidates that have been awarded OSCP status more than three (3) years ago will not be eligible for CRT equivalency. Candidates that have passed a CREST certification historically will not be eligible to renew their CREST certification through the OSCP route. These candidates will be required to take their CRT reassessment examinations directly with CREST.
Individuals seeking the more specialized CREST Certified Tester qualifications (CCT) must apply in the normal way. Click here for the Examinations Booking page.
• OSCP Taken First, (No existing CREST Certifications)
Provide evidence of OSCP examination pass and pay £350 fee to CREST. CREST will then issue candidate with a voucher that will give the candidate eligibility to sit the CREST CPSA examination at a Pearson Vue Test Centre. On passing the examination, CREST will issue CRT equivalency.
• Current CREST CPSA taken first (pre 6th June 2016); OSCP taken second
Candidates that have old style CPSA exams are not able to use these as part of the OSCP to CRT equivalency programme. The CPSA exam experienced significant changes in May 2016, and consequently the question bank has experienced significant change. Candidates that have an old CPSA certification and that are awarded an OSCP certification are encouraged to apply for CRT equivalency under the standard OSCP/CRT equivalency programme. After paying a £350 administration fee, candidates will be given a voucher that will entitle them to take the CPSA top up examination at a Pearson Vue Test Centre.
• New CPSA taken alongside OSCP
Candidates that take CPSA first and then take their OSCP are eligible to be granted CRT equivalency. There is a £100 processing fee for candidates pursuing this approach. This covers the exam checks that take place between CREST and Offensive security. After paying £100 and on receipt of appropriate exam checks from Offensive Security, candidates will be awarded the CRT certification. The CRT certification will be valid either for four years from the date that the candidate obtained OSCP certification, or for three years from the date that the candidate obtained the equivalency, whichever occurs first. The equivalency date counts from when the required processing fee is received by CREST.
Individuals that are eligible for CRT through the Offensive OSCP equivalency program will be excluded from CREST’s submission to the NCSC as part of the UK Government’s CHECK scheme. Candidates operating in the UK that wish to achieve CHECK Team Member status will be required to pass a CREST Registered Penetration Tester exam directly with CREST in line with UK government requirements.
Candidates that wish to have equivalent status granted will be required to submit a current resumé, along with evidence of their OSCP exam pass, (including Offensive Security ID) to CREST for validation. Eligible candidates that submit an application for equivalency will be required to sign the CREST Code of Conduct for Individuals. As part of this Code of Conduct, candidates will be required to attest that they are familiar and will comply with the local legal and regulatory requirements for delivering assessments in region. On signing this document, CRT equivalency will be granted for a fixed term duration. The time from initial application to CREST CRT equivalency being granted is expected to be five (5) weeks. Within six (6) months of being awarded CREST CRT equivalence, the candidate will be required to sit a CREST CPSA examination.
Candidates will be required to pay a £350 (or $500USD) administrative fee which will cover the processing of their application, along with one attempt at a CREST top-up exam.
CREST CRT (Pen) equivalency will be for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first. CRT equivalency will terminate on the fourth anniversary of the OSCP certification award date or three (3) years after the equivalence was issued, whichever comes first, and candidates will be required to take the CREST CRT exam to maintain CREST CRT status. CREST will require candidates that have been awarded CRT equivalency to take the CREST CPSA examination within six (6) months of CRT equivalency being granted. If the candidate fails to pass the CPSA exam within the six (6) month window, then CRT equivalency will be revoked.
EQUIVALENCY TO OTHER CERTIFICATIONS
At the request of the candidate, CREST currently passes CRT approved candidates’ details to the UK Government’s CHECK scheme for recognition as a CHECK Team Member. Candidates that are awarded CRT equivalency through the OSCP certification will NOT be eligible to be passed to the NCSC for acceptance on to the CHECK scheme. Instead, candidates that wish to be recognised as CHECK Team Members will be required to pass CREST Registered Penetration Testing examinations, or sit one of the NCSC’s other recognised certification programs, for acceptance on to the CHECK scheme.
By applying to CREST for CRT equivalency, Offensive Security candidates authorise CREST and Offensive security to share information about the candidates training and exam history.
CPSA EXAMINATION DETAILS
Candidates will be required to take the CPSA examination within six (6) months from being awarded CRT equivalency. This was previously referred to as the OSCP/CRT top-up exam.
During this time period, candidates will be issued with a CRT Certificate that will be valid for six (6) months.
Candidates will be able to sit the CPSA examination in multiple test centres geographically dispersed across the world from 6 June 2016.
Once candidates have passed the CPSA exam, they will be issued with a new CREST CRT certificate that will be valid for a maximum of four (4) years from the date on which the OSCP certification was officially awarded or three (3) years after the equivalence was issued, whichever occurs first.
Candidates that fail the CPSA exam on their first attempt will be allowed to re-sit the examination after seven (7) days have passed from the initial exam attempt. Each resit will be charged at £250 per resit attempt. There are limits placed on the number of re sit attempts that a candidate can take – please refer to the Examination FAQs. Please also note that candidates must achieve a pass score within six (6) months of the original CREST application or the equivalency status will be revoked.