EU | In Force | 1.0
TIBER-EU Control Team Guidance
Abstract
Operational guidance issued under the TIBER-EU framework describing how financial entities should establish and operate a Control Team responsible for planning, managing, and overseeing threat-led penetration testing (TLPT). The document defines responsibilities, governance, required skills and experience, escalation management, confidentiality requirements, and coordination with test managers and service providers.
Key Takeaways
- Defines the role and responsibilities of the Control Team in managing end-to-end TIBER-EU threat-led penetration testing.
- Specifies requirements for Control Team composition, including the Control Team Lead, SMEs, and escalation roles.
- Provides guidance on governance, confidentiality, escalation handling, and cooperation with test managers and third-party providers.
- Describes required skills, experience, and authority for Control Team members and leads.
- Includes indicative time commitments and operational considerations across different testing phases.
Keywords
TIBER-EU, Control Team, TLPT, Threat-led penetration testing, ECB, Resilience testing, Cyber resilience, Red team testing