+Digital Operational Resilience Testing
---+Resilience Testing Program
---+Diverse Testing Modalities
|
1. Overview
Digital Operational Resilience Testing
| Summary |
Standard |
|
Resilience Testing Program
|
Establish a risk-based digital operational resilience testing program encompassing identification, classification, and full remediation of test deficiencies based on risk landscape and criticality of assets and services. Utilize independent internal or external parties for conducting tests, ensuring clear Segregation of Duties (SoD). Conduct yearly tests on all systems and applications supporting critical or important functions (see controls 19-20 for the digital operational resilience tests).
|
|
Diverse Testing Modalities
|
Employ a range of tests including vulnerability assessments, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires, scanning software solutions, source code reviews (where applicable), scenario-based tests, compatibility testing, performance testing, end-to-end testing, and penetration testing as appropriate.
|
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Regulations
Regulations
| Source |
Regulation |
|