Source: OJ L, 2025/1190, 18.6.2025
Recital 20 Duration of the red team test phase
To enable testers to conduct a realistic and comprehensive testing in which all attack phases are executed and flags are reached, sufficient time should be allocated to the active red team testing phase. On the basis of the experience gathered with the TIBER-EU framework, the time allocated should be at least 12 weeks and should be determined taking into account the number of parties involved, the TLPT scope, the resources of the involved financial entity or entities, any external requirements, and the availability of supporting information supplied by the financial entity.