Skip to main content
DORA Auditor

Threat-Led Penetration Testing (TLPT)

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Threat-led penetration testing is an advanced, intelligence-driven test of a financial entity's live production systems required under DORA Article 26 for significant entities. It simulates the tactics of real threat actors and follows the EU's TIBER-EU framework.

Detailed explanation

Unlike routine vulnerability scanning, TLPT uses current threat intelligence to emulate how a realistic adversary would attack the entity's critical or important functions, on production systems, with controlled scope and rules of engagement. Entities identified as significant must perform TLPT at least once every three years, though competent authorities have discretion over frequency and scope. Because critical functions often rely on outsourced services, ICT third-party providers may need to participate in the test. Results feed back into the ICT risk-management framework and remediation tracking.

In context

This term relates to the Digital Resilience Testing pillar and is grounded in DORA Article 26.

Related terms

Sources

  1. DORA Article 26, EUR-Lex