https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/66483#M6672 <P>Thanks for sharing&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>.</P> Wed, 24 Jan 2024 01:33:03 GMT Kyaw_Myo_Oo 2024-01-24T01:33:03Z https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/66480#M6670 <P>Hi All</P><P>&nbsp;</P><P><SPAN class=""><SPAN>Cryptography management and cryptoagility closer to become regulation after the three European Supervisory Authorities (<A href="https://www.linkedin.com/company/european-banking-authority/" target="_blank" rel="noopener">European Banking Authority (EBA)</A>, <A href="https://www.linkedin.com/company/eiopa-eu/" target="_blank" rel="noopener">European Insurance and Occupational Pensions Authority (EIOPA)</A> and <A href="https://www.linkedin.com/company/european-securities-and-markets-authority-esma/" target="_blank" rel="noopener">European Securities and Markets Authority (ESMA)</A> – the ESAs) published today the&nbsp;first set of final draft Regulatory Technical Standards&nbsp;(RTS) under the DORA. (Find the relevant links at the end)<BR /><BR />DORA is the Digital Operational Resilience Act for the financial sector with&nbsp;rules for the protection, detection, containment, recovery and repair capabilities against IT incidents.<BR /><BR />The draft RTS on ICT risk management framework covers encryption and cryptography in section IV (page 49). Review highlight Article 6, point 4:<BR />"Financial entities shall include in the policy on encryption and cryptographic controls provisions to, where necessary, on the basis of developments in cryptanalysis, update or change the cryptographic technology to ensure they remain resilient against cyber threats [...]. Where the financial entity cannot update or change the cryptographic technology, it shall adopt mitigation and monitoring measures to ensure they remain resilient against cyber threats."<BR /><BR />These final draft technical standards have been submitted to the European Commission, who will now start working on their review with the objective to adopt these first standards in the coming months. So, proper cryptography management and cryptoagility will soon be part of the regulatory compliance obligations of financial entities in Europe.<BR /></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN><A href="https://lnkd.in/dnzDP9PG" target="_self">https://lnkd.in/dnzDP9PG</A><BR /></SPAN></SPAN></P><P><SPAN class=""><SPAN><A href="https://lnkd.in/dp2aUj75" target="_self">https://lnkd.in/dp2aUj75</A></SPAN></SPAN></P><P><SPAN class=""><SPAN><A href="https://lnkd.in/dtJguGHf" target="_self">https://lnkd.in/dtJguGHf</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Tue, 23 Jan 2024 22:38:30 GMT https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/66480#M6670 Caute_cautim 2024-01-23T22:38:30Z https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/66483#M6672 <P>Thanks for sharing&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>.</P> Wed, 24 Jan 2024 01:33:03 GMT https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/66483#M6672 Kyaw_Myo_Oo 2024-01-24T01:33:03Z https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/75647#M7318 <P>Thanks for sharing&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;. I came across this subject when I was searching for DORA related articles, webinars... but couldn't find any in the ISC2 community.</P><P>&nbsp;</P><P>How can we have the RTS and ITS that are validated for use? Are they available for public?</P><P>&nbsp;</P><P>Regards,</P><P>SecuFreak</P> Fri, 13 Dec 2024 10:46:54 GMT https://community.isc2.org/t5/Industry-News/Digital-Operational-Resilience-Act-for-Financial-Sector-DORA/m-p/75647#M7318 SecuFreak 2024-12-13T10:46:54Z