CESG IT Health CHECK Services

Nettitude is proud to be one of a handful of UK companies that is approved by CESG to conduct IT Health Checks (ITHC).

Our team of CESG CHECK Consultants have had to be trained in the most rigorous of security testing procedures and have successfully passed both infrastructure and application tracks. In addition, all of Nettitude’s CHECK team leaders and CHECK members hold a minimum of SC clearance, and are permitted to work on systems that hold protectively marked data.

Looking for CESG ‘IT Health CHECK’ security testing?

The CESG IT Health CHECK (ITHC) or CHECK scheme was developed by the UK Government’s information assurance division. This body (known as CESG or the Communications-Electronics Security Group) is responsible for enhancing the availability and quality of the IT Health Check services that are provided to the Government in line with Her Majesty’s Government (HMG) policy.

Nettitude has a team of certified CHECK testers for your project

Penetration Testing companies belonging to the CHECK scheme are measured against high standards set by CESG. Therefore public sector customers can be assured that they will receive a high quality service if the work is carried out under the terms and conditions of CHECK.

The CHECK certification has relevance to private sector companies as well as HMG and Centre for the Protection of National Infrastructure (CPNI) bodies.

CESG has set the bar high for entrance into the CHECK program, which ensures that organisations operating within the framework practise the highest levels of quality in all aspects of the security testing lifecycle.

Nettitude’s CHECK security testing service provides service assurance:

Strong and consistent methodology.

Thorough scoping (ensuring that the assessment is 100% tailored to your needs).

Industry leading testing services.

Strong communication, during the test and at the time of debrief.

Some of the best reporting and remediation advice available in the industry.

Guidance on risk; thorough consideration of impact, threat, vulnerability and likelihood.

Appropriate insurance and indemnity for all security testing engagements throughout the world.

Scoping is fundamental to successful ‘IT Health CHECK’ testing

CESG require that CHECK companies develop a test strategy, test plan and a series of test scripts for use on CESG IT Health Checks.

  • External Assessment

    • Attempts should be made to gain access to the target node.
    • Attempt to gain credentials for the target node.
    • Attempt to deny or disrupt service to the node (if appropriate and with the agreement of the client).
  • Internal Assessment

    • Attempt to gain extra privileges for assumed or gained identities.
    • Attempt to defeat auditing and detection schemes.
    • Attempt to defeat other security mechanisms (e.g. access controls).
  • Network Assessment

    • Attempt to move to other network nodes (with appropriate permission).
    • Attempt to move to other networks (with appropriate permission).
    • Attempt to prove access to key data owned by the customer (details provided from CESG’s Service Provision Guidelines).

Each scoping exercise is customised to our client’s individual requirements. Nettitude recognises the importance of getting scoping right, and consequently has a whole phase of its methodology dedicated to this exercise.

Nettitude’s Reports and Debrief Information

All of our testing services are led by industry recognised security consultants. During the debrief phase, Nettitude provides guidance on risk through both quantitative and qualitative reviews of vulnerability.

In addition, Nettitude provides risk treatment and remediation guidance on how to improve the environment. This dialogue includes information about topology and architecture as well as some of the emerging security technologies that are able to help secure an organisation’s information assets.

Nettitude has a range of sample reports that can be made available for customers interested in security testing services. These include documents that cover Infrastructure and web application testing all the way through to standalone client, server and remote desktop tests for organisations that are looking at Bring Your Own (BYO) computing strategies.
