Source: EC-adopted draft
- Digital operational resilience act
Digital operational resilience testing
- RTS on threat-led penetration testing
Article 3 TCT and TLPT Test Managers
A TLPT authority shall assign the responsibility for coordinating TLPT-related activities to a TCT. A TCT shall include test managers (staff designated to lead the activities of the TLPT authority for a specific TLPT to monitor compliance with the requirements of this Regulation) that are assigned to oversee an individual TLPT (threat-led penetration testing: a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems).
For each test, a test manager and at least one alternate shall be designated.
The test managers shall monitor and ensure that the requirements laid out in this Regulation are complied with.
The contact details of the TCT shall be communicated to the financial entity (a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations) through the notification referred to in Article 8(1).
The TLPT authority shall participate to all the phases of the TLPT and shall endeavour to provide feedback, validations or approvals in a period of time adequate to expediently carry out the TLPT.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.