Service Description

Qatar's Computer Emergency Response Team (Q-CERT) at the Ministry of Communications and Information Technology (MCIT) provides this service to maintain resiliency in government entities by evaluating the security posture in information systems. As a trusted partner, Q-CERT provides penetration testing for government entities based on its engagement policy.

This service examines information systems in order to determine the security issues including improper system configuration, software or hardware vulnerabilities, security weaknesses and web application weaknesses.

This exercise includes attempts to compromise systems and exploit vulnerabilities from an attacker's perspective. It assists organizations to evaluate their actual security status. Q-CERT provides technical recommendations and advisories based on the assessment, where applying them would be under the organization's responsibilities.

Online Instructions

• Click on the "Request for This Service" button. 
• Fill all required information.
• Provide details in the comment page.
• Enter the code in the image.
• Click on "Submit." 

Additional Information

• Non-Disclosure Agreement (NDA) shall be signed by the entity requesting the service.
• Official approval from the government entity’s management is mandatory to start executing this service.
• Government entity shall understand and accept the risks and business impact that might be incurred during this exercise. This information will be shared with the entity prior to the execution of this service.
• Q-CERT is to provide the following:

• • Security assessment reports: An executive report shall be (for executive managers) and a technical report shall be (for IT administrators)
  • Reports that include findings and recommendations
  • Follow-up activities to assist implementing the recommendations and mitigating the risks