Security News > 2020 > August > CREST: We are investigating NCC Group certification cheat sheet scandal – and not with NCC personnel

CREST: We are investigating NCC Group certification cheat sheet scandal – and not with NCC personnel
2020-08-14 09:51

British infosec accreditation body CREST has changed some of its exams after cheat sheets containing exam answers and practical walkthroughs were posted on GitHub in a repo that NCC Group confirmed included its own documents.

In an email to all CREST members sent on the afternoon of 12 August, the certification body assured members that leaked elements of its certification exams have now been "Deprecated" as part of a process already in motion "Between June 2018 and July 2020".

A copy of the NDA shown to El Reg says information from CREST exams must be "Protected from disclosure to anyone outside of the CREST Assessors, the CREST Executive or CREST permanent staff".

NCC Group told us: "We have commenced our own investigation and are fully co-operating with CREST and NCSC.".

"A spokesperson from the National Cyber Security Centre, the cyber offshoot of UK signals intelligence agency GCHQ, told The Register:"We are aware of these allegations and are working with CREST and the NCC Group to understand their validity, as well as undertaking our own investigation into any potential implications.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/14/crest_investigates_ncc_group/