Art. 3 TCT and TLPT Test Managers | RTS on threat-led penetration testing | DORA

1. A TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems authority shall assign the responsibility for coordinating TLPT-related activities to a TCT. A TCT shall be composed of test managers means staff designated to lead the activities of the TLPT authority for a specific TLPT to monitor compliance with this Regulation; that are assigned to oversee an individual TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems.
1. For each test, the TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems authority shall designate a test manager and at least one alternate.
1. The test managers means staff designated to lead the activities of the TLPT authority for a specific TLPT to monitor compliance with this Regulation; shall monitor whether, and ensure that, the requirements laid down in this Regulation are complied with.
1. The test manager shall communicate the contact details of the TCT to the financial entity through the notification referred to in Article 9(1).
1. The TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems authority shall participate to all the phases of the TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems.