Recital 23 Limited purple teaming as alternative to continued testing

During the active red teaming in the testing phase, if necessary to allow for the continuation of the TLPT as a last resort in exceptional circumstances and once all alternative options have been exhausted, a collaborative testing activity that involves both the testers and the blue teammeans the staff of the financial entity and, where relevant, staff of the financial entity’s third-party service providers and any other party deemed relevant in consideration of the scope of the TLPT, of the financial entity’s third-party service providers, that are defending a financial entity's use of network and information systems by maintaining its security posture against simulated or real attacks and that is not aware of the TLPT;, should be used. In the context of such limited purple teamingmeans a collaborative testing activity that involves both the testers and the blue team; exercise, the following methods can be used: ‘catch-and-release’, where testers attempt to continue the scenarios, get detected and then resume the testing, ‘war gaming’, which allows for more complex scenarios to test strategic decision-making, or ‘collaborative proof-of-concept’ which enables testers and blue teammeans the staff of the financial entity and, where relevant, staff of the financial entity’s third-party service providers and any other party deemed relevant in consideration of the scope of the TLPT, of the financial entity’s third-party service providers, that are defending a financial entity's use of network and information systems by maintaining its security posture against simulated or real attacks and that is not aware of the TLPT; members to jointly validate specific security measures, tools, or techniques in a controlled and cooperative environment.