CREST Signs Cyber Security Incident Response Agreement With NSA

WASHINGTON, September 13, 2016 /PRNewswire/ --

Billington CyberSecurity Summit, Washington DC: CREST, an accreditation and certification body for the technical information security industry, has signed a Memorandum of Understanding with the National Security Agency (NSA) to take over the operation of its Cyber Incident Response Assistance (CIRA) accreditation program. CREST has also launched its USA Chapter with new offices in New York and the announcement of its first members - Gotham Digital Science (GDS) - a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave.

The aim of the relationship between the Information Assurance Directorate (IAD) of the NSA and CREST is to facilitate the growth of the Cyber Incident Response Assistance program, while also ensuring the continued integrity of all aspects of the strict accreditation process.

The NSA's IAD provides advanced Cyber Incident Response Assistance (CIRA) and Vulnerability Assessment (VA) services to address a growing number of sophisticated security incidents against National Security Systems (NSS). The National Security Cyber Assistance Program (NSCAP) was created to leverage the cyber expertise of industry to perform select cyber security services for NSS owners and operators. Accreditation of highly qualified commercial industry partners capable of consistently providing a high level of cyber security assistance services is based on a stringent set of criteria created from NSA, Industry and Government best practices.

"The CREST relationship with the NSA will support the maturity of incident response services into other government and commercial departments outside of NSS," explains Rowland Johnson, director of CREST International. "It is hoped that it will also encourage cyber security service providers to have their capabilities assessed and accredited. This will drive increasing levels of capability and capacity in to the market and we have kicked off this process by welcoming GDS - a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave.

"The MOU demonstrates the increasing collaborative relationship between industry and government globally to support and develop the cyber security ecosystem," said Johnson. "It will provide an approach for aligning international accreditation standards and support stakeholders that operate in multiple countries and regions."

The CIRA accreditation process will remain unchanged and CREST will maintain secure communication through the NSCAP portal for all organisations that go through re-accreditation.

CREST's move into in the USA has been supported by the UK's Foreign and Commonwealth Office (FCO) as part of its commitment to promoting the UK's professional cyber security skills and experience abroad.

For any organisations that are interested in learning more about CIRA accreditation, please contact [email protected]

About CREST  

CREST is the not-for-profit accreditation body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security market.

SOURCE CREST