The Cyber Scheme banner image depicting telecommunications spy satellites

Becoming a CHECK Provider

CHECK is the UK National Cyber Security Centre’s (NCSC) assurance scheme for Penetration Testing.

It enables approved companies to conduct authorised penetration tests for government departments, public sector bodies, and critical national infrastructure (CNI).

The CHECK Scheme and Professional Titles

Individuals working within the NCSC CHECK Scheme must hold a professional title for several reasons:

1. Assurance of Technical Competence CHECK testing involves penetration testing of sensitive government systems. Professionals must demonstrate advanced technical skills in areas like infrastructure, application security, and threat analysis.

2. Standardisation Across the Industry Professional titles ensure that all CHECK testers meet a consistent benchmark of knowledge and capability. This helps maintain uniform quality in testing and reporting across different organisations.

3. Alignment with UK Cyber Security Council’s Framework Titles are mapped to the UK Cyber Security Council’s professional standards, which define roles, responsibilities, and ethical conduct. This alignment supports the UK’s broader national cyber strategy.

The Cyber Scheme’s assessments are formally recognised by NCSC as meeting the technical standards required for CHECK.

Equivalence is official: NCSC accepts both CRT and CSTM for CTM status, and both CCT and CSTL for CTL status. Training and exam formats differ, but the competency level is aligned.

Why does CHECK matter?
  • Ensures the highest standards in penetration testing
  • Builds trust in cyber security assessments for sensitive systems
  • Helps identify vulnerabilities before adversaries exploit them
  • Provides assurance of technical competence
  • Is managed in alignment with the National Cyber Strategy
  • Trusted by Government and Industry – “what good looks like.”
Eligibility Requirements
  • Cyber Essentials Plus Certification: All systems used to store or process customer data must be certified.
  • Two recent penetration test reports authored by a proposed CTL, conducted under a company name.
  • Qualified Personnel: at least one CHECK Team Leader (CTL) with a UK Cyber Security Council Principal-level or Chartered-level title in Security Testing. All team members must be eligible for Security Clearance (SC).

 

All CHECK testers must hold SC clearance due to the sensitive nature of the work. Clearance involves background checks and vetting by UK government security services.

How to Apply
  • Email NCSC with subject “CHECK – EOI to apply”. Applications open periodically on as-needs basis; once invited, you have 4 weeks to apply.
  • NCSC reviews applications.
  • CHECK membership is free, but Cyber Essentials Plus and Professional Titles for individuals incur costs.

A company that carries out Check Testing needs at least one CTL.

To become a CTL, you need a security testing professional title at principal level (or above).

To apply for the principal level title, you must obtain CSTL.

Key Terminology

Check Team Member (CTM): must hold UKCSC practitioner-level title and SC clearance.

CSTM = Cyber Scheme Team Member, The Cyber Scheme’s CTM-level exam.

Check Team Leader (CTL): must hold UKCSC Principal-level title and SC clearance.

CSTL = Cyber Scheme Team Leader, The Cyber Scheme’s CTL-level exam.

CHECK Test Team: must be composed of registered CTLs and CTMs.

Download our infographic