This article is more than 1 year old
US National Security Agency gets CREST smile
Britain-based certification body pleased about 'huge growth'
CREST, the UK-based certification and accreditation body for the infosec industry, has signed an agreement with the National Security Agency to take over its incident response accreditation programme.
Supported by the Foreign and Commonwealth Office in the UK, which is seeking to promote the UK's professional cyber security skills and experience abroad, CREST has signed a memorandum of understanding with the NSA.
This is to establish a relationship with the Information Assurance Directorate (IAD) of the NSA to help grow its Cyber Incident Response Assistance programme, "while also ensuring the continued integrity of all aspects of the strict accreditation process," it says.
The IAD at the NSA provides "advanced Cyber Incident Response Assistance (CIRA) and Vulnerability Assessment (VA) services to address a growing number of sophisticated security incidents against national security systems."
The accreditation of commercial industry partners who are capable of "consistently providing a high level of cyber security assistance services" is judged on "a stringent set of criteria created from NSA, Industry and Government best practices."
Rowland Johnson, the director of CREST international, told The Register that the organisation's commitment was to "help the industry build capability, capacity and consistency" on an international basis, through its accreditation and certification work.
Johnson said CREST was expecting huge growth in the next 12 months resulting from the memorandum, which would prove important in its work "bringing back uniformity to markets."
"If we can help define standards within the market, that's good for members, that's good for regulators, it's good for governments and it's good for the buying community too," said Johnson.
“The MOU demonstrates the increasing collaborative relationship between industry and government globally to support and develop the cyber security ecosystem,” said Johnson. “It will provide an approach for aligning international accreditation standards and support stakeholders that operate in multiple countries and regions.” ®