The Global Financial Markets Association (GFMA) has published a set of principles to guide the development of a commonly accepted framework for cybersecurity penetration testing.

The GFMA notes that a number of jurisdictions around the world already leverage penetration testing in their regulatory regime. The goal of the GFMA proposal is not to compete with existing frameworks but rather to coordinate their development and use to ensure that financial institutions are able to safely, securely and efficiently comply with their supervisory requirements. The GFMA penetration testing framework is similarly aligned with the G-7’s broader recommendations on how institutions can conduct effective cybersecurity assessments, promoting safe and effective testing methods.

View GFMA publishes key principles for a commonly accepted cybersecurity penetration testing framework, 12 December 2017