Nettitude Limited

Intelligence-led Penetration Testing and Red Teaming – CREST STAR/STAR-FS/GBEST/GCASE/CBEST/TBEST

LRQA (formerly-LRQA-Nettitude) STAR/STAR-FS/GBEST/GCASE/CBEST/TBEST/TIBER programme caters for the requirements of threat intelligence-led penetration-testing and red teaming to assess an organisations ability to detect, respond and eradicate known threats. LRQAs approach, combining extensive GBEST experience in the delivery of GBEST/GCASE/STAR programmes provide assurance through the simulation of real-world tactics, techniques and procedures.

Features

• Intelligence-led penetration testing and red teaming for government
• GBEST/GCASE/CREST STAR/STAR-FS/CBEST/TBEST/TIBER
• GBEST/GCASE/CREST STAR accredited threat intelligence & penetration testing service provider
• Real-world attack simulation using known threat actors and their TTPs
• Assesses an organisations ability to detect, respond and eradicate known-threats
• Continual risk management with both CREST CCSAS and CCSAM consultants
• Additional services as required (red, blue, purple teaming)
• Reporting and recommendations to all levels (executive/management/technical teams)
• In-depth detection and response assessments (DRA) with custom reporting
• Aligned to the MITRE ATT&CK framework and GBEST/GCASE KPI documentation

Benefits

• Designed to simulate real-world attack scenarios and attack paths
• Trains/measures the effectiveness of people/process/technology used to defend the organisation
• Conducted by LRQA’s CREST certified consultants CCSAS, CCSAM and CCTIM
• Includes physical security, social engineering, malware insertion and human manipulation
• Dedicated Technical Team Leader, Risk Manager and Project Manager assigned
• Enhances the security posture, ensuring responses are measured and repeatable
• Improves the ability to identify, protect, detect, respond and recover
• Remediation and threat strategies to manage risks and improve capabilities

£1,100.00 to £1,350.00 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@nettitude.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

876761808420868

Contact

Grace Harrison
0345 5200085
bidteam@nettitude.com

Planning

• Planning service: Yes
• How the planning service works: To deliver GBEST tests, there is a requirement for penetration testing organisations to work closely with threat intelligence providers. The threat data is used by the penetration testing company to tailor the assessment in line with the threats that organisation faces. As a consequence, this provides the closest simulation of threat that a penetration testing organisation can deliver. Nettitude can deliver both threat intelligence and penetration testing or has worked many times collaboratively with other providers.; ; GBEST/STAR penetration testing providers are required to go through additional levels of assurance to deliver intelligence led security assessments. As well as having a revised code-of-conduct and more rigorous company requirements, STAR penetration testers are also required to undertake additional levels of technical and operational assessment. These assessments are designed to mirror real life scenarios, with attack scenarios being consistent with many modern day APT’s (Advanced Persistent Threat).; ; The ability to customise the testing approach and use bespoke malware implant and simulations that reflects the real threats faced by your organisation increases significantly the value of this type of testing.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services: PCI-DSS Compliance
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • CREST Certified Simulated Attack Specialist - CCSAS
  • CREST Certified Simulated Attack Manager - CCSAM
  • CREST Registered Threat Intelligence Analyst - CRTIA
  • CREST Certified Threat Intelligence Manager - CCTIM
  • CREST Practitioner Intrusion Analyst - CPIA
  • Cyber Scheme Team Leader (CSTL)
  • CREST Certified Network Intrusion Analyst - CCNIA
  • CREST Certified Host Intrusion Analyst - CCHIA
  • CREST Certified Malware Reverse Engineer - CCMRE
  • CREST Certified Incident Manager - CCIM

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Continual support throughout the engagement.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 05/09/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Net-zero is no longer a compromise. Our commitment is to be a net-zero business by 2030, against all scope 1, 2, and 3 emissions as quickly as possible. As a service provider, we will also help our clients to fight climate change.; ; Whether reporting energy and water usage, measuring waste reduction, or managing product lifecycle, our commitment is to support our customers to work towards any and every environmental goal. Our goal is to help clients to bring credibility to their assertions, helping them to demonstrate compliance with international standards, regulations and commitments.; ; We will combine deep environmental expertise and rigorous methodology to verify all data and information an organisation tracks or publishes.; ; We will certify our customers systems and processes against global standards, giving them the confidence that best practices are being implemented that maximise every opportunity to improve performance. This includes but is not limited to:; ; • Supporting our customers with their ISO 14064 greenhouse gas (GHG) validation; • Supporting our customers to verify their systems and processes against global standards; • Supporting our customers to transition to sustainable, low carbon power generation.; • Supporting our customers to transition from waste to energy, wind, tidal, nuclear to renewable capacity, hydrogen production, storage and distribution; • Supporting our customers verify their water usage,; • Supporting our customers verify their waste reduction; • Supporting our customers verify their or product lifecycle; • Supporting our customers to look beyond compliance, examining the resulting data and suggesting actions that put them in control of the areas that matter most to their business

  Covid-19 recovery

  LRQA Nettitude actively contributes to the global recovery from the COVID-19 pandemic by endorsing and supporting vaccination initiatives. As an organisation grounded in science and evidence, we acknowledge the crucial role of vaccination and regular testing in safeguarding individuals and reinstating societal normalcy. While we respect individual choices regarding vaccination, it is anticipated that various authorities, clients, and travel providers may necessitate COVID-19 vaccination for entry or proof of a formal exception.; ; Our commitment extends to supporting colleagues who choose to get vaccinated. LRQA Nettitude pledges to assist those receiving government-approved or World Health Organization-recognised COVID-19 vaccinations. In instances where an approved vaccine is not accessible through public or private healthcare providers, we will reimburse colleagues for the cost of an approved vaccination. Additionally, reasonable paid time off will be provided to facilitate vaccination for colleagues and their families.; ; Respecting privacy, LRQA Nettitude will only inquire about a colleague's vaccine status when there is a legitimate business need, such as travel or working in high-risk environments. Colleagues' vaccine information will be stored securely for a defined period, in compliance with local data privacy legislation, and disclosed only with explicit consent.; ; Recognising the ongoing importance of safety measures post-vaccination, LRQA Nettitude acknowledges that vaccination programs do not eliminate COVID-19 risk entirely. We commit to adhering to good practices and local legal requirements, acknowledging that certain safety measures will likely persist beyond the vaccination program. This comprehensive approach underscores LRQA Nettitude's dedication to supporting recovery and ensuring the well-being of our colleagues and the broader community.

  Tackling economic inequality

  We believe that every person deserves the right to work with dignity. Through our corporate social responsibility compliance, we help our clients discover and understand risks within their workplace and supply chain in order to enhance economic equality.; ; Transparency is the fundamental building block to understanding risk. Without transparency, it is difficult for an audit to report on risk exposure associated with wage underpayment, excessive working hours, child labour, unauthorized subcontractors, compliance to social insurance, harassment, and prison labour, to name a few.; ; Supplier transparency is part of our DNA. We will continually develop innovative solutions that uncover and manage risk from a social perspective.; ; EiQ is our supply chain data analytics platform, to create predictive models to assess the likelihood of unauthorized subcontracting, human trafficking, and labour unrest, to name a few. We are innovators and thought partners. This includes but is not limited to creating better working conditions and tackling inequality for the following areas:; ; • Wage underpayment; • Excessive working hours; • Child labour; • Unauthorized subcontractors; • Compliance to social insurance; • Harassment; • Prison labour

  Equal opportunity

  We believe that our responsibility as an employer, supplier, and customer is to treat people with respect, empathy, and kindness – to ensure people have the support they need to thrive and be at their best.; Our promise is to support our people and every stakeholder that we work and interact with.; ; We provide progressive advice and solutions for the following areas:; ; • Fair and equal pay across gender, race, age, and disability; • Fair and safe working hours; • The restructuring of labour to protect children; ; In addition to this, LRQA is committed to support young people from disadvantaged backgrounds to achieve their greatest potential. In 2022 we will launch “The Brightest Future”. The Brightest Future is LRQA’s philanthropic foundation that supports young people from disadvantaged backgrounds to build the brightest future for themselves, their community, and the planet; ; With a focus on young people from disadvantaged backgrounds, we will support thousands of young people to receive high-quality education over the next seven years.; ; Delivered by our employees in partnership with leading grassroot educational charities, our vision is to inspire young people to find their mighty purpose, curiosity, and courage to be part of building a better future for themselves, their community, and the planet.

  Wellbeing

  At LRQA Nettitude many of us are used to working from home, it is a new experience for lots of us and it may take some time to adjust. We always help to protect and look after our employee’s wellbeing and mental health; they can also reach out to one of our Mental Health First Aiders.; Our Mental Health First Aiders (MHFAs) are the go-to people for anyone who wants to talk to someone. Additionally, all members of the Nettitude Leadership and Management Team have an Open Door Policy and are available if employees need someone to talk to, not necessarily their own manager.; Nettitude Wellbeing – Objectives; • To provide a safe place for all Nettitude employees to raise Mental Health challenges they may be experiencing.; • To increase awareness of Mental Health within the Nettitude Group; • To signpost all employees on what support is available to them.; • To increase the ratio of MH First Aiders within the business.; • To develop a well-being strategy.; • Build a series of information/training to support employees with their wellbeing and those in their team.

Pricing

• Price: £1,100.00 to £1,350.00 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@nettitude.com. Tell them what format you need. It will help if you say what assistive technology you use.