CREST, an accreditation and certification body for the technical information security industry, announced on September 13 that it has signed a Memorandum of Understanding with the National Security Agency (NSA) to take over the operation of its Cyber Incident Response Assistance (CIRA) accreditation program. CREST has also launched its USA Chapter with new offices in New York and the announcement of its first members – Gotham Digital Science (GDS) – a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave.
The aim of the relationship between the Information Assurance Directorate (IAD) of the NSA and CREST is to facilitate the growth of the Cyber Incident Response Assistance program, while also ensuring the continued integrity of all aspects of the strict accreditation process.
The NSA’s IAD provides advanced Cyber Incident Response Assistance (CIRA) and Vulnerability Assessment (VA) services to address a growing number of sophisticated security incidents against National Security Systems (NSS). The National Security Cyber Assistance Program (NSCAP) was created to leverage the cyber expertise of industry to perform select cyber security services for NSS owners and operators. Accreditation of highly qualified commercial industry partners capable of consistently providing a high level of cyber security assistance services is based on a stringent set of criteria created from NSA, Industry and Government best practices.
“The CREST relationship with the NSA will support the maturity of incident response services into other government and commercial departments outside of NSS,” explains Rowland Johnson, director of CREST International. “It is hoped that it will also encourage cyber security service providers to have their capabilities assessed and accredited. This will drive increasing levels of capability and capacity in to the market and we have kicked off this process by welcoming GDS – a Stroz Friedberg company, MWR InfoSecurity, Nettitude, Stroz Friedberg and Trustwave.
“The MOU demonstrates the increasing collaborative relationship between industry and government globally to support and develop the cyber security ecosystem,” said Johnson. “It will provide an approach for aligning international accreditation standards and support stakeholders that operate in multiple countries and regions.”