Provide Cyber Incident Response services

Created:  25 Sep 2016
Updated:  25 Sep 2016
Open to new applications with effect from 3 January 2017.
If your organisation has proven expertise in investigating sophisticated attacks by highly skilled threat actors against networks of national significance you may apply to be certified under the NCSC/CPNI Cyber Incident Response (CIR) scheme

The NCSC/CPNI Cyber Incident Response (CIR) scheme

If your organisation has proven expertise in investigating sophisticated, targeted attacks by highly skilled threat actors against networks deemed to be of national significance you may apply to be certified under the NCSC/CPNI (Centre for the Protection of National Infrastructure) Cyber Incident Response (CIR) scheme. Companies certified as service providers under this scheme are assessed against requirements set jointly by the NCSC (formerly CESG and GovCertUK) and CPNI demonstrating (amongst other things):

  • a clear understanding of cyber threats and techniques, specifically those posed by highly skilled threat actors and related to networks of national significance

  • evidence of methodology, track record and experience of full incident response lifecycle focused on sophisticated threat actors

  • an ability to develop tools and techniques

  • an understanding of environments such as HM Government, wider Public Sector, HMG supply chain & Critical National Infrastructure

  • compliance with the HMG Security Policy Framework for use/storage of protectively marked material

  • a secure company environment that is well protected against known threats and has sufficient instrumentation to detect a compromise

CREST Cyber Security Incident Response (CSIR) scheme

The NCSC and CPNI have endorsed the CREST CSIR Scheme as having the necessary requirements and control mechanisms to ensure CREST certified companies are able to deliver effective cyber security incident response services. CREST certification is suitable for the vast majority of incidents affecting private and public sector customers.

Details of requirements and application process are available on the CREST website www.crest-approved.org

Professional Qualifications

Mandated cyber security professional qualifications (eg, Intrusion Analysis, Malware Reverse Engineering) for service providers certified under the NCSC/CPNI  scheme are being phased in for new companies.  The holding of such qualifications will be considered desirable, but not mandatory initially. The contract for approved providers gives further details on timeframes for attaining the appropriate professional qualifications.

Further reading

Was this information helpful?

We need your feedback to improve this content.

Yes No