RTS on threat-led penetration testing (TLPT) (DORA package 2)

Topic area:

Status: 22.07.2024 |

Key words:

Official name

Final Report Draft Regulatory Technical Standards specifying elements related to threat led penetration tests under Article 26(11) of Regulation (EU) 2022/2554

COMMISSION DELEGATED REGULATION (EU) …/… of XXX supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.

Type

Delegated Regulation

Level 2

Initiator

ESAs

Submitted

08.12.2023

Doc. code

JC 2024 29

Summary

Status

Get a subscription to have access to the whole content.

Current version

Final version

17.07.2024

Next step

Entry into force

Get a subscription to have access to the whole content.

Application date

Get a subscription to have access to the whole content.

Scope

Relevant for

Get a subscription to have access to the whole content.

Level 1

DORA - Improving digital operational resilience against cyberattacks (binding, Main version, EU)

Level 2

–

Level 3 / Other

Tiber EU-Framework (non-binding, EU)

AMF Update DORA: Testing digital operational resilience (non-binding, NL)

Source: ESAs, JC 2024 29, 2024