
Document number: LEG-003-Schedule 11 - AssessorCriteria IASME Cyber Baseline
Document type: Schedule
Responsibility for implementation & training: ICB Scheme Manager
CB contract doc/ schedule: NO
Scheme: IASME Cyber Baseline
Reason for change: Initial version
Approved by: Emma Philpott
Approved date:
Next review:
Review and consultation process: Reviewed Annually by ICB Scheme Manager
Associated documentation: (Agreement to be linked when added to Confluence)/wiki/spaces/ICB/pages/2496168230
Distribution: Controlled in Confluence Quality Management System.

Revisions:
Date issued:
Author: Samantha Alexander (Deactivated)
Description: First Introduction


Assessor Criteria

IASME requires that anyone who applies to become a Cyber Baseline Assessor must have a suitable level of skills in cyber security. They must also attend the appropriate Assessor Training Course for the category of Assessor they wish to attain.

...

The required skills for each level of Assessor are defined against the CyBOK skills frameworks (where possible) and require a broad spread of cyber security knowledge to enable skilled judgements to be made on an organisation’s answers to the assessment questions.

1 Cyber Baseline Level 1

All Cyber Baseline Level 1 Assessors must have at least three years’ experience in either an Information Technology or Cyber Security role.

In addition, all Cyber Baseline Level 1 Assessors must complete and pass the IASME Assessor Skills Assessment exam unless they meet List A below. The exam allows candidates who hold relevant skills and experience but do not hold one of the above certifications or memberships an opportunity to demonstrate their skills. The exam contents and marking scheme will be agreed between NCSC and IASME and periodically updated.

List A

Achieve and maintain one of the following certifications:

ISC2 Certified Information Systems Security Professional (CISSP)

ISACA Certified Information Security Manager (CISM)

ISO27001 Lead Auditor

All new assessors will be required to meet the above requirements before attending the Cyber Baseline Level 1 Assessor Training Course.

2 Cyber Baseline Level 2

Every Certification Body that offers Cyber Baseline Level 2 must, at all times, have at least one Cyber Baseline Level 2 assessor who holds at least one of the certifications in list B.

List B

CREST Registered Penetration Tester

...

CREST Certified Infrastructure Tester

EC-Council Certified Penetration Testing (CPENT)

Offensive Security Certified Professional (OSCP)

3 Ongoing development

All assessors are required to attend any update training and ongoing development activities as specified by IASME when required.

© The IASME Consortium Ltd 2020 2023 All rights reserved