STAR/CBEST Applications: What are the skills/qualifications that individuals in a company should hold to be accepted?
The international STAR scheme requirements are as follows:
STAR Penetration Testing:
• You must employ or contract a staff member who holds at least CCT INF.
STAR Threat Intelligence
• You must employ or contract a staff member who holds at least a CC TIM.
Should the staff member be a contractor, you may be asked to provide evidence of your contractor process and the agreement you have in place.
The requirements for CBEST are as follows:
CBEST Penetration Testing:
- Documented completion of 14000 hours of cyber penetration testing experience with 4,000 hours experience in financial institutions for each potential CBEST team member;
- Consultants holding CC SAM and CC SAS qualifications. Please note that CC SAM qualified staff must be based in the UK.
CBEST Threat Intelligence:
- Documented completion of 7,000 hours (est. 2 years) experience of providing of threat intelligence services to financial institutions for each potential CBEST team member;
- Consultants holding CC TIM qualification. Please note that the Bank will not action any CBEST applications unless the applicant company employs an individual (a person who is hired for a wage, salary, fee or payment to perform work for an employer) with this qualification who is based in the UK.