Featured Product

    ECB Publishes Services Procurement Guidelines for TIBER-EU Tests

    August 07, 2018

    ECB published the Services Procurement Guidelines, which are referred to in, and are an integral part of, the Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) framework. The guidelines set out in detail the different elements of TIBER-EU procurement. TIBER-EU framework enables European and national authorities to work with financial infrastructures and institutions to put in place a program to test and improve their resilience against sophisticated cyber attacks. Due to the sensitive nature of TIBER-EU tests, entities need to carefully select threat intelligence and red teaming providers that can provide an appropriate level of professional expertise and support for conducting the test.

    The first part of the document sets out the requirements and standards that must be met by threat intelligence providers to deliver recognized TIBER-EU tests and offers guiding principles and selection criteria for entities, as they look to procure services from prospective providers. Then, the document sets out the requirements and standards that must be met by red teaming providers to deliver recognized TIBER-EU tests and offer guiding principles and selection criteria for entities, as they look to procure services from prospective providers. Next, it provides guidance to authorities that are looking to implement TIBER-EU at the national and European levels, with regard to procurement. Annex 1 provides a list of certifications that staff members and providers may be, depending on the case, required to possess. Annexes 2-5 provide questions that entities could use when considering prospective providers and agreement checklists to assist the procurement functions during their procurement process.

    The guidelines are directed at authorities responsible for the adoption, implementation, and management of the TIBER-EU Framework at national and European levels; entities looking to undertake TIBER-EU tests; organizations interested in providing cyber threat intelligence services under TIBER-EU; organizations interested in providing red team testing services under TIBER-EU; and accreditation and certification providers. As the TIBER-EU Framework is implemented across EU, the TIBER-EU Knowledge Center (TKC) will monitor the evolution of the threat intelligence and red team testing market and update the requirements, if necessary. TKC will undertake this task by closely liaising with the authorities that adopt the TIBER-EU Framework, the entities that undertake the tests, and the threat intelligence/red teaming providers that deliver the tests.

     

    Related Link: Guidelines (PDF)

    Keywords: Europe, EU, Banking, Insurance, Securities, PMI, Cyber Risk, TIBER-EU, Cyber Resilience, Procurement Services Guidelines, ECB

    Related Articles
    News

    EBA Updates List of Validation Rules for Reporting by Banks

    EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.

    September 10, 2020 WebPage Regulatory News
    News

    EBA Responds to EC Call for Advice to Strengthen AML/CFT Framework

    EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).

    September 10, 2020 WebPage Regulatory News
    News

    NGFS Advocates Environmental Risk Analysis for Financial Sector

    NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.

    September 10, 2020 WebPage Regulatory News
    News

    MAS Issues Guidelines to Promote Senior Management Accountability

    MAS published the guidelines on individual accountability and conduct at financial institutions.

    September 10, 2020 WebPage Regulatory News
    News

    APRA Formalizes Capital Treatment and Reporting of COVID-19 Loans

    APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.

    September 09, 2020 WebPage Regulatory News
    News

    SRB Chair Discusses Path to Harmonized Liquidation Regime for Banks

    SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.

    September 09, 2020 WebPage Regulatory News
    News

    FSB Workshop Discusses Preliminary Findings of Too-Big-To-Fail Reforms

    FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.

    September 09, 2020 WebPage Regulatory News
    News

    ECB Updates List of Supervised Entities in EU in September 2020

    ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.

    September 08, 2020 WebPage Regulatory News
    News

    OSFI Identifies Focus Areas to Strengthen Third-Party Risk Management

    OSFI published the key findings of a study on third-party risk management.

    September 08, 2020 WebPage Regulatory News
    News

    FSB Extends Implementation Timeline for Framework on SFTs

    FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.

    September 07, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5796