CHECK is the name of the scheme under which NCSC-approved companies can conduct authorised penetration tests of public sector and CNI systems and networks. There are similar certification schemes for non-governmental organisations, including CREST and Tiger.
You can find a CHECK provider list on NCSC's website at https://www.ncsc.gov.uk/section/products-services/all-products-services-categories?productType=Penetration+testing&sort=title%2Basc&start=0&rows=42 and see that AppCheck is not listed, due to the constraints on scheme membership/applicability pertaining to manual penetration testers only as outlined below.
The CHECK scheme accredits organisations for manual (non-automated and human-initiated) penetration testing skills only. It accredits that the organisation in question contains staff who hold NCSC approved qualifications (eg CHECK Team Leader), and that penetration tests will be conducted using NCSC recognised methods.
AppCheck's service is not penetration testing, it is vulnerability scanning. The difference is that vulnerability scanning is an automated process conducted using a scanning platform, and not a manual probe of an application, system or service by a human. You can read some of the benefits of regular vulnerability scanning and how it differs from penetration testing on our blog at https://appcheck-ng.com/importance-of-vulnerability-scanning/
The scope of CHECK accreditation is very narrow (penetration testing only) and does not therefore extend to accreditation for organisations such as AppCheck who provide services such as automated vulnerability scanning (as AppCheck does) rather than human-led penetration testing. The accreditation is therefore "not applicable" for AppCheck, as opposed to not being held.
Please sign in to leave a comment.