Penetration Testing Accreditation

Penetration Testing Accreditation is offered by NCSA under the National Information Security Compliance Framework (NISCF) to Service Providers interested in providing Penetration Testing services that consist of ethical cybersecurity assessments to identify and exploit vulnerabilities of IT resources in order to mitigate or minimize the risk of malicious exploitation or attacks.

Pentest Seal for Accredited Service Providers

Note: The scope of accreditation excludes Industrial Control Systems (ICS) or Operational Technology (OT) Testing, Automated Vulnerability Assessment Scans, Threat Intelligence / Detection / Hunting, Crowdsourced Testing (Bug Bounty), Source Code Audit, Incident Response and Security Operations Center (SOC).

Penetration Testing Service Accreditation is for Service Providers in the State of Qatar who provide penetration testing services for any organization.

Service Providers targeting Penetration Testing Service Accreditation have the option to select one or multiple of the below service types and delivery models that will constitute the scope of their Accreditation.

Service Types
  • Internal
  • External
  • Red Teaming

Service Delivery Models
  • On-site testing model
  • Remote testing model

To achieve Penetration Testing Accreditation, a Service Provider must demonstrate conformance to NISCF Accreditation requirements as per the Penetration Testing Standard, during an assessment performed by NCSA. 

The Penetration Testing Certificate of Accreditation awarded provides a point-in-time reference to a Service Provider's compliance with the NISCF Penetration Testing Accreditation requirements.

Assessment Methodology

Penetration Testing Accreditation employs a rigorous assessment methodology to uphold the highest standards of quality and compliance among service providers. Within this accreditation, NCSA utilizes two distinct approaches over the duration of the accreditation: aggressive progression and lean progression. Below are the key attributes of each approach.

Lean Progression

The lean progression assessment approach offers a structured framework for service providers to gradually enhance their compliance levels and strive for full compliance with accreditation standards. It emphasizes continuous improvement and proactive corrective actions, ensuring that accredited service providers maintain the highest standards of quality and compliance throughout the accreditation period. Service Providers demonstrating a sufficient level of compliance are identified for the lean progression assessment approach.

Aggressive Progression

The aggressive progression assessment methodology imposes strict conditions and timelines on service providers with low compliance rates, focusing on rapid resolution of non-conformities and strict adherence to prescribed standards. By facilitating swift corrective actions, it ensures that service providers maintain the requisite quality and standards outlined by the accreditation scheme. Service Providers with low compliance rates are identified for the aggressive progression assessment approach.

Penetration Testing Services Disclaimer

Due to the technical complexity of Penetration Testing Services and the diverse technologies they may involve, this Accreditation does not ensure a service provider's capability to perform Penetration Testing on specific technologies or systems. It provides reasonable assurance of the overall capabilities of the service provider in delivering the detailed Penetration Testing Services specified in the Certificate of Accreditation. Consumers are responsible for selecting a suitable service provider based on their needs.

Penetration Testing Accreditation Application

The following shall be submitted as part of your application pack.

  1. Penetration Testing Accreditation Service Agreement
  2. Accreditation Application Form
  3. Penetration Testing Accreditation Requirements & Evidence Record Form (Application)
  4. The necessary supporting evidence as listed in the Accreditation Requirements & Evidence Record Form
  5. Accreditation Personnel Record Form for Penetration Testing

Please perform a readiness self-assessment before starting the application process. More details of the application process can be found here.

Latest documents related to NISCF Penetration Testing Accreditation can be accessed from the Publications page.