TIBER-EU Services Procurement Guidelines published

The European Central Bank (ECB) has published the TIBER-EU Services Procurement Guidelines. The guidelines are aimed at supporting entities across the financial and other sectors in their efforts to procure services from threat intelligence and red-team-testing providers.

The TIBER-EU Services Procurement Guidelines set out requirements and standards to help testing providers deliver recognised TIBER-EU tests. In addition, the guidelines present entities with selection criteria for prospective providers and with agreement checklists for due diligence in the procurement process.

TIBER-EU is the European Framework for Threat Intelligence-based Ethical Red Teaming. It offers a common framework that delivers a controlled, bespoke, intelligence-led red team test against entities’ critical live production systems. In considering how to improve cyber resilience at a European and global level, the ECB has designed the framework as entity-agnostic and applicable in a multi-jurisdictional context.

For more information about the ECB’s cyber resilience strategy for financial market infrastructures, visit the dedicated ECB web page, a summary article and a video explainer on ethical hacking.