On 26 September 2024, the European Central Bank (ECB) issued a paper which outlines how the European framework for threat intelligence-based ethical red teaming – the TIBER-EU framework – can help Member State competent authorities (NCAs) and financial entities fulfil the threat-led penetration testing (TLPT) requirements in the Digital Operational Resilience Act (DORA).
The paper describes what the adoption of TIBER-EU entails and the benefits of adopting it. It also states that as the testing requirements of DORA TLPT and the TIBER-EU framework are aligned, synergies will be reaped if NCAs adopt and implement the TIBER-EU framework. NCAs and financial entities would benefit from using a single common framework for TLPT that is already established.