Threat-Led Penetration Testing (TLPT)
Threat-led penetration testing is an advanced, intelligence-driven test of a financial entity's live production systems required under DORA Article 26 for significant entities. It simulates the tactics of real threat actors and follows the EU's TIBER-EU framework.
Detailed explanation
Unlike routine vulnerability scanning, TLPT uses current threat intelligence to emulate how a realistic adversary would attack the entity's critical or important functions, on production systems, with controlled scope and rules of engagement. Entities identified as significant must perform TLPT at least once every three years, though competent authorities have discretion over frequency and scope. Because critical functions often rely on outsourced services, ICT third-party providers may need to participate in the test. Results feed back into the ICT risk-management framework and remediation tracking.
In context
This term relates to the Digital Resilience Testing pillar and is grounded in DORA Article 26.