Source: OJ L, 2025/1190, 18.6.2025
EN- Digital operational resilience in the financial sector
Digital operational resilience testing
- RTS on threat-led penetration testing
Annex VI Content of the blue team test report (Article 12(4))
The blue team test report shall contain information on at least all of the following:
for each attack step described by the testers in the red team test report:
list of detected attack actions;
log entries corresponding to these detections;
assessment of the findings and recommendations of the testers;
evidence of the attack by the testers collected by the blue team;
blue team root cause analysis of successful attacks by the testers;
list of lessons learned and identified potential for improvement;
list of topics to be addressed in purple teaming.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.