TIBER Framework and Guides
About TIBER
The TIBER-EU and TIBER-NO implementation consists of a series of guides and templates. Some contain mandatory requirements for TIBER-NO testing, while others are guidance documents or templates. The TIBER-EU guides can also be found at the European Central Bank’s website for TIBER-EU. Non-published documents may be requested directly from TCT-NO.
TIBER
The TIBER framework is set out in the documents listed below. TCT‑NO advises all entities conducting a TIBER‑NO test to start with the TIBER‑NO Operational Guide, which serves as a handbook for all stakeholders throughout the entire test. In addition, the TIBER‑NO Approval Checklists summarise the mandatory requirements from the guides and templates and are used by TCT‑NO when approving TIBER‑NO tests.
Non-published document
Send an e-mail for access to the following document:
- TIBER-NO Approval Checklists
DORA TLPT
With the Digital Operational Resilience Act (DORA) regulation, Threat-Led Penetration Testing (TLPT) became mandatory for identified financial entities. TIBER is a way to conduct TLPT, and both TIBER-EU and TIBER-NO are now adapted to the DORA TLPT requirements. Requirements set out on TLPTs specifically are included in the following DORA relevant documents.
Phases
The relevant documents for each phase are included in the subsections below.
Preparation phase
Non-published documents
Send an e-mail for access to the following documents:
- TIBER-NO Generic Threat Landscape Report (NFCERT)
- TIBER-NO Test Overview (Excel) template
- TIBER-NO Provider Information template
Testing phase – Threat Intelligence phase
Non-published document
Send an e-mail for access to the following document:
- TIBER-NO Leg-up Guidance
Testing phase – Active Testing phase
Non-published document
Send an e-mail for access to the following document:
- TIBER-NO Red Team Status Reporting (PowerPoint) template