Penetration Testing Accreditation
Penetration Testing Accreditation is offered by NCSA under the National Information Security Compliance Framework (NISCF) to Service Providers interested in providing Penetration Testing services that consist of ethical cybersecurity assessments to identify and exploit vulnerabilities of IT resources in order to mitigate or minimize the risk of malicious exploitation or attacks.
Note: Scope of accreditation excludes Industrial Control Systems (ICS) or Operational technology (OT) Testing, Automated Vulnerability Assessment Scans, Threat Intelligence / Detection / Hunting, Crowd sourced Testing (Bug Bounty), Source Code Audit, Incident Response and Security Operations Center (SOC).
Penetration Testing Service Accreditation is for Service Providers in State of Qatar who provide penetration testing services for any organization.
Service Providers targeting Penetration Testing Service Accreditation, have the option to select one or multiple of the below service types and delivery models that will constitute the scope of their Accreditation.
| Service Types | Service Delivery Models |
|
|
To achieve Penetration Testing Accreditation, a Service Provider must demonstrate conformance to NISCF Accreditation requirements as per the Penetration Testing Standard, during an assessment performed by NCSA.
The Penetration Testing Certificate of Accreditation awarded provides a point-in-time reference to a Service Provider compliance with the NISCF Penetration Testing Accreditation requirements.
Penetration Testing Services Disclaimer
Due to the technical complexity of Penetration Testing Services and the diverse technologies they may involve, this Accreditation does not ensure a service provider's capability to perform Penetration Testing on specific technologies or systems. It provides reasonable assurance of the overall capabilities of the service provider in delivering the detailed Penetration Testing Services specified in the Certificate of Accreditation. Consumers are responsible for selecting a suitable service provider based on their needs.
Penetration Testing Accreditation Application
The following shall be submitted as part of your application pack.
- Penetration Testing Accreditation Service Agreement
- Accreditation Application Form
- Penetration Testing Accreditation Requirements & Evidence Record Form (Application)
- The necessary supporting evidence as listed in the Accreditation Requirements & Evidence Record Form
- Accreditation Personnel Record Form for Penetration Testing
Please perform a readiness self-assessment before starting the application process. More details of Application process can be found here.