{"id":23645,"date":"2022-11-23T17:24:36","date_gmt":"2022-11-23T11:54:36","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=23645"},"modified":"2026-03-31T17:27:22","modified_gmt":"2026-03-31T11:57:22","slug":"check","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/penetration-testing\/check\/","title":{"rendered":"CHECK Penetration Testing Guide"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">CHECK penetration testing is a specialized form of <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/cyber-security-audit-companies\/\">cybersecurity audit<\/a> or assessment designed explicitly by the NCSC for government departments, public sector bodies, and critical national infrastructure (CNI) in the UK.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike traditional pentests focusing on a broad range of vulnerabilities, CHECK prioritizes threats relevant to government systems using government-approved tools and methodologies. This targeted approach helps identify weaknesses that are most likely to be exploited by adversaries targeting government entities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_CHECK\"><\/span>What is CHECK?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Better known as \u2018IT Health Check Service\u2019, CHECK is an accreditation scheme operated by the UK&#8217;s <a href=\"https:\/\/www.ncsc.gov.uk\/information\/check-penetration-testing\" target=\"_blank\" rel=\"noopener\">National Cyber Security Centre (NCSC)<\/a> that certifies companies to conduct authorized penetration tests on public sector and Critical National Infrastructure (CNI) systems and networks.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It provides a framework for ensuring that penetration testing is conducted to a high standard with qualified personnel according to recognized methodologies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_Needs_CHECK_Penetration_Testing\"><\/span>Who Needs CHECK Penetration Testing?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CHECK penetration testing certification is primarily mandated for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Government departments:<\/strong> All systems handling data classified as OFFICIAL or above must undergo CHECK-approved penetration testing.<\/li>\n\n\n\n<li><strong>Public sector bodies:<\/strong> While not strictly mandated, the NCSC strongly recommends it for all public sector organizations, especially those handling sensitive data or operating critical infrastructure.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Please note that for systems handling data marked SECRET or TOP SECRET, <strong>two CHECK team leaders<\/strong> with appropriate clearances and access must be involved.<\/p>\n\n\n<style>\n.newctaWrapper{\n  background-color: #f8f2e4;\n  padding: 40px;\n  border-radius: 10px;\n  margin: 20px 0px;\n}\n.ctaHead{\n  display: flex;\n  align-items: center;\n  grid-gap: 1rem;\n}\n.newctaHeading{\n  font-size: 36px;\n  font-weight: 600;\n  line-height: 1.1;\n  margin-bottom: 0px;\n  color: #403F3E;\n}\n.spanBold{\n  color: #164DB3;\n  font-weight: 700;\n}\n.ctaOne{\n  text-decoration: none;\n  background-color: #2F76F8;\n  color: #ffffff!important;\n  padding: 10px 25px;\n  border-radius: 6px;\n  font-weight: 600;\n}\n.ctaOne:hover{\n  color:#fff;\n}\n.ctaTwo{\n  text-decoration: none;\n  background-color: #24BC94;\n  color: #ffffff!important;\n  padding: 10px 25px;\n  border-radius: 6px;\n  font-weight: 600;\n}\n.ctaTwo:hover{\n  color:#fff;\n}\n.ctaBody{\n  padding-top: 40px;\n  display: flex;\n  align-items: flex-end;\n  grid-gap: 1rem;\n}\n.ctoImg{\n  height: 310px;\n  width: 300px;\n}\n@media(max-width: 768px){\n}\n\n@media(max-width: 576px){\n  .ctaBody{\n    flex-direction: column;\n  }\n  .ctoImg{\n     display: none;\n  }\n<\/style>\n<div class=\"newctaWrapper\">\n<div class=\"ctaHead\"><img loading=\"lazy\" decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/ceb80994-shield.png\" alt=\"shield\" width=\"58\" height=\"62\" \/>\n<p class=\"newctaHeading\">What Makes Astra the Best VAPT Solution?<\/p>\n\n<\/div>\n<div class=\"ctaBody\">\n<div>\n<ul style=\"margin: 0px 25px 25px;\">\n \t<li>We\u2019re the only company that\u00a0<span class=\"spanBold\">combines automated &amp; manual pentest<\/span>\u00a0to create a one-of-a-kind pentest platform.<\/li>\n \t<li>The Astra Vulnerability Scanner runs <span class=\"spanBold\">10,000+ tests<\/span> to uncover every single vulnerability<\/li>\n \t<li>Vetted scans ensure<span class=\"spanBold\">\u00a0zero false positives.<\/span><\/li>\n \t<li>Our intelligent <span class=\"spanBold\">vulnerability scanner emulates hacker behavior<\/span>\u00a0&amp; evolves with every pentest.<\/li>\n \t<li>Astra\u2019s scanner helps you shift left by integrating with your CI\/CD.<\/li>\n \t<li>Our platform helps you\u00a0<span class=\"spanBold\">uncover, manage &amp; fix<\/span>\u00a0vulnerabilities in one place.<\/li>\n \t<li>Trusted by the brands\u00a0<span class=\"spanBold\">you trust<\/span>\u00a0like Agora, Spicejet, Muthoot, Dream11, etc.<\/li>\n<\/ul>\n<div class=\"ctaHead\"><a class=\"ctaOne\" href=\"https:\/\/astra.sh\/681d8\" target=\"_blank\" rel=\"noopener\">Let\u2019s Talk<\/a>\n<a class=\"ctaTwo\" href=\"https:\/\/astra.sh\/rK6rl\" target=\"_blank\" rel=\"noopener\">Get Started<\/a><\/div>\n<\/div>\n<div><img decoding=\"async\" class=\"ctoImg\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/b262d665-cto.png\" alt=\"cto\" width=\"\" \/><\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CHECK_vs_CREST_Penetration_Testing\"><\/span>CHECK vs CREST Penetration Testing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">While CHECK accreditation is specific to UK government and CNI penetration testing, CREST is a globally recognized accreditation body ensuring high standards in security testing across various industries. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Select cybersecurity providers, including <strong>Astra<\/strong>, hold <strong><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/crest-accredited-penetration-testing\/\">CREST accreditation<\/a><\/strong>, demonstrating their commitment to rigorous testing methodologies and industry best practices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s take a look at the differences between <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/crest-accredited-penetration-testing\/\" data-type=\"link\" data-id=\"https:\/\/www.getastra.com\/blog\/security-audit\/crest-accredited-penetration-testing\/\">CHECK and CREST penetration testing<\/a>.<\/p>\n\n\n\n<table id=\"tablepress-107\" class=\"tablepress tablepress-id-107 column1-color\">\n<thead>\n<tr class=\"row-1\">\n\t<th class=\"column-1\">Feature<\/th><th class=\"column-2\">CHECK Penetration Testing<\/th><th class=\"column-3\">CREST Penetration Testing<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-2\">\n\t<td class=\"column-1\">Focus<\/td><td class=\"column-2\">Government and public sector organizations, critical national infrastructure (CNI)<\/td><td class=\"column-3\">Broad applicability across various industries<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\">Authority<\/td><td class=\"column-2\">National Cyber Security Centre (NCSC) - UK government agency<\/td><td class=\"column-3\">International, not-for-profit accreditation and certification body<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\">Certification<\/td><td class=\"column-2\">Focuses on company qualifications and methodologies<\/td><td class=\"column-3\">Focuses on individual pentester competency through exams<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\">Evaluation Process<\/td><td class=\"column-2\">Stringent company audits to ensure adherence to NCSC CHECK methodology<\/td><td class=\"column-3\">Rigorous exams and practical assessments for individuals<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\">Methodology<\/td><td class=\"column-2\">Adheres to the specific NCSC CHECK methodology<\/td><td class=\"column-3\">Follows industry best practices and recognized frameworks (e.g., PTES, NIST)<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\">Compliance<\/td><td class=\"column-2\">It may not directly address all compliance needs but ensures in-depth knowledge of the same<\/td><td class=\"column-3\">Can be tailored to address various compliance requirements (e.g., GDPR, PCI DSS)<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\">Cost<\/td><td class=\"column-2\">Potentially more expensive due to the limited pool of CHECK-approved companies<\/td><td class=\"column-3\">Generally less costly due to the wider availability of certified providers<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\">Benefits<\/td><td class=\"column-2\">Specifically designed for high-risk government and CNI systems - Adherence to a rigorous, government-backed methodology - Enhanced security posture for critical infrastructure<\/td><td class=\"column-3\">Strong focus on individual pentester skills - Broad applicability across industries - Increased flexibility in test methodologies - Can be tailored for compliance needs<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<!-- #tablepress-107 from cache -->\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Steps_in_CHECK_Penetration_Testing\"><\/span>Steps in CHECK Penetration Testing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Define CHECK Tasks<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This stage outlines the scope and objectives of the penetration test. It considers the government classification of the information systems involved (OFFICIAL, SECRET, TOP SECRET) and tailors the test accordingly.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Collaborating with your team, the CHECK penetration tester defines specific targets, attack vectors, and testing methodologies to ensure the test aligns with the organization&#8217;s security requirements and risk tolerance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Consent &amp; Legal Requirements<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This step is pivotal in establishing a clear framework for the <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/what-is-vapt\/\">VAPT<\/a> and involves the pentesters obtaining formal authorization from your organization, granting explicit permission to conduct the assessment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Further, such a comprehensive agreement outlining the rules of engagement, including limitations and potential risks, is crucial to protecting both parties. It serves as a legal safeguard, ensuring transparency throughout the process.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Capture Requirements<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Similar to the reconnaissance phase in traditional pentests, the CHECK penetration testing team starts gathering in-depth information about the target system, including network diagrams, system inventories, security policies, and other relevant documentation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, as the CHECK framework emphasizes understanding the specific security policies governing government systems, it also thoroughly examines your Information Assurance (IA) framework.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Evaluation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Testers meticulously examine systems, networks, and applications for weaknesses during this step through vulnerability assessment and exploitation attempts.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A key aspect of CHECK accredited penetration testing is the exclusive use of government-approved tools and methodologies, such as those provided by the National Technical Authority for Information Assurance (NTALIA). This ensures consistency and adherence to rigorous standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Report and Reviews<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This stage involves documenting the penetration test findings in a <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/penetration-testing-report\/\">detailed report<\/a> that adheres to government reporting standards, classifying vulnerabilities based on their severity and potential impact on government systems in clear and concise language.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, as per the framework, the report should provide clear remediation and risk mitigation strategy recommendations, prioritized based on the severity and potential impact on your organization.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Knowledge Transfer<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The last stage focuses on transferring knowledge to your team through detailed reports with open communication channels to avoid bottlenecks and streamline the remediation process.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Moreover, to empower you to make informed decisions about remediating vulnerabilities and improving your overall security posture, CHECK encourages testers to present their findings in a way that is understandable to technical and non-technical audiences alike.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_CHECK_Approved_Penetration_Testing_Helps_You\"><\/span>How CHECK Approved Penetration Testing Helps You<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"768\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/07\/8645c67c-benefits-of-check-penetration-testing.png\" alt=\"Benefits of CHECK Penetration Testing\" class=\"wp-image-33182\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Maintain Compliance:&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CHECK ensures the pen test adheres to UK government regulations and guidelines for information security, reducing your risk of non-compliance issues and legal repercussions accompanying audit failures and data breaches.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Focus on Security:&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">By prioritizing vulnerabilities relevant to government threats, CHECK helps identify weaknesses most likely to be exploited by attackers targeting such systems. Its actionable reporting empowers you to address risks effectively and improve your security posture.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Standardized Approach:&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The structured methodology for pen testing and list of vetted tools help ensure consistency and repeatability in assessments across different government agencies. This also allows for easier comparison of security posture across different government departments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Knowledge Transfer:&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Lastly, the framework encourages clear communication of findings to non-technical audiences, empowering decision-makers to understand and prioritize security improvements while fostering a security-first culture.<\/p>\n\n\n<style>\n.astraPentestWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2024\/08\/838dc804-smallimgicbg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: auto;\n  border-radius: 10px;\n  margin: 20px 0px;\n}\n.pentestHeading{\n  color: #575757;\n  font-size: 24px;\n  font-weight: 600;\n  color: #575757;\n  max-width: 450px;\n}\n.ctaHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n.ctaOne {\n    text-decoration: none;\n    background-color: #2F76F8;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n.animeImg{\n  position: absolute;\n  bottom: 0px;\n  right: -20px;\n  height: 250px;\n  width: 240px;\n}\n@media(max-width: 768px){\n}\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n   .ctaHead{\n     flex-direction: column;\n     align-items: flex-start;\n   }\n   .animeImg{\n    display: none;\n  }\n}\n<\/style>\n<div class=\"astraPentestWrap\">\n<p class=\"pentestHeading\">Astra Pentest is built by the team of experts that helped\u00a0secure <span class=\"spanBoldBlue\">Microsoft, Adobe, Facebook, and Buffer<\/span><\/p>\n\n<div class=\"ctaHead\"><a class=\"ctaOne\" href=\"\/contact-us\" target=\"_blank\" rel=\"noopener\">Book a Demo<\/a>\n<a class=\"ctaTwo\" href=\"\/pentest\/pricing\" target=\"_blank\" rel=\"noopener\">View Pricing<\/a><\/div>\n<img decoding=\"async\" class=\"animeImg\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/96ad3cf0-girlcta.png\" alt=\"character\" \/>\n\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Get_Certified_With_CHECK\"><\/span>How to Get Certified With CHECK?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CHECK accreditation isn&#8217;t directly awarded to individual organizations but applies to the <strong>team members<\/strong> who conduct penetration testing within the framework. Here&#8217;s what&#8217;s involved for a team to achieve CHECK status:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Qualifications:<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Each team member must hold a relevant <strong>NCSC-approved professional <a href=\"https:\/\/www.ncsc.gov.uk\/information\/become-a-check-provider\" target=\"_blank\" rel=\"noopener\">qualification<\/a><\/strong>. These qualifications demonstrate a basic understanding of penetration testing principles and methodologies.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>CREST Examinations:<\/strong> The Cyber Security Council (CSC) offers <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/crest-accredited-penetration-testing\/\">CREST<\/a> exams that fulfill NCSC requirements. Passing exams like CREST Certified Infrastructure Tester (CCT Inf) or CREST Certified Web Application Tester (CCT App) qualifies a team leader. CREST Registered Penetration Tester (CRT) qualifies a team member.<\/li>\n\n\n\n<li><strong>The Cyber Scheme:<\/strong> Alternatively, examinations from The Cyber Scheme, like CSTM (Cyber Scheme Team Member) or CSTL (Cyber Scheme Team Leader), can be used for CHECK Team Member and Leader status respectively.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Experience:<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The NCSC requires all CHECK Team Leaders and Members to have <strong>relevant experience<\/strong> in penetration testing. The specific experience requirements aren&#8217;t publicly available, but demonstrably performing penetration testing services for at least a year is likely expected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Company Requirements (For Providers):<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If your organization aims to be a CHECK service provider, there are additional considerations:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Your company must be able to <strong>sign up under English law<\/strong>.<\/li>\n\n\n\n<li>The company must have performed penetration testing services under its current name for at least <strong>12 months<\/strong>.<\/li>\n\n\n\n<li>All proposed team members need to hold the required <strong>SC security clearance<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span>Final Thoughts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In essence, CHECK penetration testing is a rigorous framework designed to safeguard critical UK government systems. Its focus on evaluated and approved tools and methodologies strengthens your security posture while providing a structured approach.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Simply put, in addition to various benefits, CHECK certified penetration testing helps safeguard your sensitive data and systems, builds trust with stakeholders, and contributes to a more secure digital environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1721924114709\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">What is a CHECK penetration test?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>CHECK penetration testing is an NCSC-approved scheme for authorized penetration tests on public sector and CNI systems, conducted by qualified companies using NCSC-recognized methods, producing reports and recommendations to a recognized standard.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1721924230578\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">What is the difference between CHECK and CREST?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>CHECK is a UK government scheme for approving penetration testing companies to assess public sector and critical infrastructure systems, while CREST is an international accreditation body ensuring high standards in security testing across various sectors, providing broader industry recognition.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1721924288686\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">How to become CHECK approved?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>To become CHECK approved, your company must meet stringent NCSC criteria, including a minimum of 12 months penetration testing experience, holding SC clearance for all team members, and employing a CHECK Team Leader with relevant qualifications and experience.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>CHECK penetration testing is a specialized form of cybersecurity audit or assessment designed explicitly by the NCSC for government departments, public sector bodies, and critical national infrastructure (CNI) in the UK.&nbsp; Unlike traditional pentests focusing on a broad range of vulnerabilities, CHECK prioritizes threats relevant to government systems using government-approved tools and methodologies. This targeted &#8230; <a title=\"CHECK Penetration Testing Guide\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/penetration-testing\/check\/\" aria-label=\"Read more about CHECK Penetration Testing Guide\">Read more<\/a><\/p>\n","protected":false},"author":24,"featured_media":38749,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[722],"tags":[],"class_list":["post-23645","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-penetration-testing"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=23645"}],"version-history":[{"count":11,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23645\/revisions"}],"predecessor-version":[{"id":42988,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23645\/revisions\/42988"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/38749"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=23645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=23645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=23645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}