The Center for Crime Prevention and Safety (CCV) has released version 2.0 of the certification scheme for pen testing. It goes into effect April 1, 2024.
The main changes are more explicit requirements for creating a test plan, executing the testing process, including the responsibilities of the pentester and reporting on it.
Employees who are not demonstrably qualified may be used for pen testing provided they are supervised by a qualified pen tester. The requirement regarding the ratio of qualified personnel to non-qualified personnel is also stricter than before. Also, the requirement for minimum work experience is better defined in the new certification scheme.
Version 2.0 further states that all external tooling to perform pen testing (software, scripts, etc.) must be legally obtained. In this way, the CCV aims to ensure the legal integrity of the pentesting process. Pentests should be ethical, professional and in compliance with all relevant legislation, according to the CCV.
Click here for the CCV's message (1).
(1) https://hetccv.nl/het-ccv-publiceert-versie-2-0-van-het-keurmerk-pentesten/
