Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 supplementing ... (32025R1190)
CONTENTS
Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition
- COMMISSION DELEGATED REGULATION (EU) 2025/1190
- of 13 February 2025
- supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition
- (Text with EEA relevance)
- Article 1: Definitions
- Article 2: Identification of financial entities required to perform TLPT
- Article 3: TCT and TLPT Test Managers
- Article 4: Organisational arrangements for financial entities
- Article 5: Risk management for TLPT
- Article 6: Risk management for pooled or joint TLPTs
- Article 7: Selection of TLPT providers
- Article 8: Specificities for pooled or joint TLPTs
- Article 9: Preparation phase
- Article 10: Testing phase: threat intelligence
- Article 11: Testing phase: red team test
- Article 12: Closure phase
- Article 13: Remediation plan
- Article 14: Attestation
- Article 15: Use of internal testers
- Article 16: Cooperation and mutual recognition
- Article 17: Entry into force
- ANNEX I: Content of the project charter (Article 9(2)(a))
- ANNEX II: Content of the scope specification document (Article 9(6))
- ANNEX III: Content of the targeted threat intelligence report (Article 10(5))
- ANNEX IV: Content of the red team test plan (Article 11(1))
- ANNEX V: Content of the red team test report (Article 12(2))
- ANNEX VI: Content of the blue team test report (Article 12(4))
- ANNEX VII: Details of the report summarizing the relevant findings of the TLPT referred to in Article 26(6) of Regulation (EU) 2022/2554
- ANNEX VIII: Details of the attestation of the TLPT referred to in Article 26(7) of Regulation (EU) 2022/2554