CREST, the UK-based accreditation and certification body for the technical information security industry, has signed a Memorandum of Understanding with the National Security Agency (NSA) in the USA to take over the operation of its Cyber Incident Response Assistance (CIRA) accreditation program.
CREST has also launched its USA Chapter with new offices in New York and the announcement of its first members Gotham Digital Science (GDS) – a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave. CREST's move into in the USA has been supported by the UK's Foreign and Commonwealth Office (FCO) as part of its commitment to promoting the UK's professional cyber security skills and experience abroad.
The aim of the relationship between the Information Assurance Directorate (IAD) of the NSA and CREST is to facilitate the growth of the Cyber Incident Response Assistance program, while also ensuring the continued integrity of all aspects of the strict accreditation process.
The NSA's IAD provides advanced Cyber Incident Response Assistance (CIRA) and Vulnerability Assessment (VA) services to address a growing number of sophisticated security incidents against National Security Systems (NSS). The National Security Cyber Assistance Program (NSCAP) was created to leverage the cyber expertise of industry to perform select cyber security services for NSS owners and operators. Accreditation of highly qualified commercial industry partners capable of consistently providing a high level of cyber security assistance services is based on a stringent set of criteria created from NSA, Industry and Government best practices.
"The CREST relationship with the NSA will support the maturity of incident response services into other government and commercial departments outside of NSS," explains Rowland Johnson, director of CREST International. "It is hoped that it will also encourage cyber security service providers to have their capabilities assessed and accredited. This will drive increasing levels of capability and capacity in to the market and we have kicked off this process by welcoming GDS - a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave as the first members of our CREST USA chapter.
"The MOU demonstrates the increasing collaborative relationship between industry and government globally to support and develop the cyber security ecosystem," said Johnson. "It will provide an approach for aligning international accreditation standards and support stakeholders that operate in multiple countries and regions."
The CIRA accreditation process will remain unchanged and CREST will maintain secure communication through the NSCAP portal for all organisations that go through re-accreditation.