Update of the National TIBER-IT Guide for Advanced Cybersecurity Testing for the Italian Financial Sector

Category

Undertakings

Description

Banca d’Italia, CONSOB and IVASS have updated the TIBER-IT National Guide for conducting advanced cybersecurity tests, aligning it with the new requirements introduced by Regulation (EU) 2022/2554 (DORA).

To strengthen the digital operational resilience of the financial sector, DORA requires that certain financial entities—identified by the competent authorities based on qualitative and quantitative criteria—must perform Threat-Led Penetration Testing (TLPT) on their ICT systems at least once every three years.

The updated TIBER-IT Guide serves as the single methodological framework for Italian financial entities to carry out TLPT, whether it is required under DORA or done on a voluntary basis by entities not subject to mandatory testing.

This revision incorporates the latest provisions on TLPT introduced by the DORA Regulation, the related TLPT Delegated Regulation adopted by the European Commission, and the updated version of the TIBER-EU.

Further details are available on the page dedicated to the National TIBER-IT Guide on the Bank of Italy website.

issue date

11 December 2025

Documents

1st Update of the TIBER-IT National Guide pdf 195.1 KB Joint communication by Bank of Italy, CONSOB and IVASS
TIBER-IT National Guide 2.0 pdf 1.6 MB

Consumer Contact Center

Toll-free number: 800 48 66 61 Monday to Friday from 8.30 to 14.30

Calls from abroad: +39 06 9435 8604
Intermediary Contact Center

+39 06 404 14 680

Monday to Friday from 8.30 to 14.30
Public estimator

Toll-free number: 800 18 48 01 Monday to Friday from 8.30 to 16.30

Calls from abroad: +39 06 9435 8604

Update of the National TIBER-IT Guide for Advanced Cybersecurity Testing for the Italian Financial Sector

Documents

Navigation

IVASS Istituto per la Vigilanza sulle Assicurazioni

Legal information

Follow us

Links (esternal link)