CESG’s CHECK scheme

CHECK was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level.

In the absence of other standards, CHECK has become the de-facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good it only concentrates on infrastructure testing and not application testing.

CESG guidance states that CHECK consultants are only required when the assessment is for HMG or related parties, on systems that carry protectively marked information of a classification level of RESTRICTED or higher.

As a CHECK service provider we are permitted to work on systems processing information with a protective marking up to and including Confidential (and also SECRET with prior approval from CESG).  You can also be assured that all members of our CHECK team hold a minimum of Security Check (SC) clearance.