Back to CREST Website

Accredited Companies providing STAR-FS services

STAR-FS is a framework for intelligence-led penetration testing of the financial sector.

STAR-FS has been developed to meet the needs of the Regulators by ensuring the same level of rigour is applied to them whilst reducing resourcing implications on regulators. STAR-FS will reduce the role of the regulator in its delivery.

Any worldwide institution is able to adopt this framework and, where scoped appropriately, the results can be used to inform the Regulators. Regulators will be able to understand the current cyber security posture of regulated entities, proving itself an invaluable tool. This will also help entities themselves to understand where improvements in the current security arrangements need to be applied.

STAR-FS promotes an intelligence-led penetration testing approach that mimics the actions of cyber threat actors’ intent on compromising an organisation’s important business services and the technology assets and people supporting those services. Collaboration, evidence and improvement lie at the heart of STAR-FS as well as a close liaison with key stake holders.

The STAR-FS process utilises commercially available threat intelligence services in order to define realistic and current threat scenarios that will be utilised by the penetration testing teams to replicate real world attacks to operational systems. Risks to these systems are mitigated through the establishment of an internal control group, risk assessment, the accredited policies and processes utilised by the service provider and the skill and competence of the threat intelligence and penetration testing providers.

STAR-FS is more than a penetration test. The process is designed to utilise the expertise available through accredited service providers. It allows for consistent formal reports that are to be used by the participant to provide appropriate evidence to the Regulator of the level of technical cyber resilience.


Companies providing STAR-FS Intelligence-Led Penetration Testing Services:

Member Name CREST Certified Simulated Attack Manager CREST Certified Simulated Attack Specialist
Nettitude Group

Companies providing STAR-FS Threat Intelligence Services:

Member Name CREST Certified Threat Intelligence Manager
Nettitude Group
Security Alliance