EU | Final Draft | Final Report
RTS on TLPT (Final Report)
Final Report – Draft Regulatory Technical Standards specifying elements related to threat-led penetration tests under Article 26(11) of Regulation (EU) 2022/2554
Abstract
Final draft Regulatory Technical Standards under DORA specifying detailed requirements for threat-led penetration testing (TLPT), including criteria for identifying entities required to perform TLPT, testing methodology and phases, use of internal testers, cooperation between authorities, and remediation and reporting requirements. The standards align TLPT with the TIBER-EU framework to enhance the cyber resilience of financial entities.
Key Takeaways
- Defines criteria and methodology for conducting threat-led penetration testing under DORA Article 26.
- Specifies phases of TLPT including preparation, threat intelligence, red-team testing, and closure with remediation planning.
- Establishes requirements for internal and external testers and threat intelligence providers.
- Provides rules for pooled and joint TLPTs and supervisory cooperation across Member States.
- Aligns the DORA testing framework with the TIBER-EU methodology to ensure realistic and intelligence-led cyber resilience testing.
Keywords
JC 2024 29, TLPT, Threat-led penetration testing, DORA Article 26, TIBER-EU, Red teaming, Cyber resilience testing