Provide Cyber Incident Response services
Open to new applications with effect from 3 January 2017.
If your organisation has proven expertise in investigating sophisticated attacks by highly skilled threat actors against networks of national significance, you may apply to be certified under the NCSC/CPNI Cyber Incident Response (CIR) scheme.
The NCSC/CPNI Cyber Incident Response (CIR) scheme
If your organisation has proven expertise in investigating sophisticated, targeted attacks by highly skilled threat actors against networks deemed to be of national significance, you may apply to be certified under the NCSC/CPNI (Centre for the Protection of National Infrastructure) Cyber Incident Response (CIR) scheme. Companies certified as service providers under this scheme are assessed against requirements set jointly by the NCSC (formerly CESG and GovCertUK) and CPNI, demonstrating (amongst other things):
a clear understanding of cyber threats and techniques, specifically those posed by highly skilled threat actors and related to networks of national significance
evidence of methodology, track record and experience of full incident response lifecycle focused on sophisticated threat actors
an ability to develop tools and techniques
an understanding of environments such as HM Government, wider Public Sector, HMG supply chain & Critical National Infrastructure
compliance with the HMG Security Policy Framework for use/storage of protectively marked material
a secure company environment that is well protected against known threats and has sufficient instrumentation to detect a compromise
CREST Cyber Security Incident Response (CSIR) scheme
The NCSC and CPNI have endorsed the CREST CSIR Scheme as having the necessary requirements and control mechanisms to ensure CREST certified companies are able to deliver effective cyber security incident response services. CREST certification is suitable for the vast majority of incidents affecting private and public sector customers.
Details of the requirements and application process are available on the CREST website at www.crest-approved.org
Mandated cyber security professional qualifications (eg, Intrusion Analysis, Malware Reverse Engineering) for service providers certified under the NCSC/CPNI scheme are being phased in for new companies. The holding of such qualifications will be considered desirable, but not mandatory initially. The contract for approved providers gives further details on timeframes for attaining the appropriate professional qualifications.