...
The required skills for each level of Assessor are defined against the CyBok skills frameworks (where possible) and require a broad spread of cyber security knowledge to enabled skilled judgements to be made on an organisation’s answers to the assessment questions
1 Cyber Baseline Level 1
All Cyber Baseline Level 1 Assessors must have at least three years’ experience in either an Information Technology or Cyber Security role.
In addition, all Cyber Baseline Level 1 Assessors must complete and pass the IASME Assessor Skills Assessment exam unless they meet list A below. The exam allows candidates who hold relevant skills and experience but do not hold one of the above certifications or memberships an opportunity demonstrate their skills. The exam contents and marking scheme will be agreed between NCSC and IASME and periodically updated
List A
Achieve and maintain one of the following certifications:
...
•ISC2 Certified Information Systems Security Professional (CISSP)
...
•ISACA Certified Information Security Manager (CISM)
...
•ISO27001 Lead Auditor
All new assessors will be required to meet the above requirements before attending the Cyber Baseline Level 1 Assessor Training Course.
2 Cyber Baseline Level 2
Every Certification Body that offers Cyber Baseline Level 2 must, at all times, have at least one Cyber Baseline Level 2 assessor who holds at least one of the certifications in list B.
List B
...
•CREST Registered Penetration Tester
...
•ICREST Certified Infrastructure Tester
...
•EC-Council Certified Penetration Testing (CPENT)
...
•Offensive Security Certified Professional (OSCP)
3 Ongoing development
All assessors are required to attend any update training and ongoing development activities as specified by IASME when required.
© The IASME Consortium Ltd 2023 All rights reserved