Joint Regulatory Technical Standards specifying elements related to threat led penetration tests
- Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission
These Regulatory Technical Standards (RTS) specify further:
- the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT),
- the requirements and standards governing the use of internal testers,
- the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages, and
- the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.