Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

  • Status: Under consultation

These Regulatory Technical Standards  (RTS) specify further:

  • the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT),
  • the requirements and standards governing the use of internal testers,
  • the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages, and
  • the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.

Summary of document history

Previous versions Current version Ongoing versions

Consultation on Joint draft RTS specifying elements related to threat led penetration tests

  • Status: Open
  • Deadline: 4 MARCH 2024
Documents
Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests

(685.8 KB - PDF)

Links

Responses

Responses to the consultations can be sent to the EBA.

All contributions received will be published after the consultation closes, unless requested otherwise.

Deadline for submitting responses: 04/03/2024 at 23:59

Press contacts

Franca Rosa Congiu