Caute_cautim
Community Champion

Digital Operational Resilience Act for Financial Sector (DORA)

Hi All

 

Cryptography management and crypto-agility are closer to becoming regulation after the three European Supervisory Authorities (European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA) – the ESAs) published today the first set of final draft Regulatory Technical Standards (RTS) under DORA. (Find the relevant links at the end.)

DORA is the Digital Operational Resilience Act for the financial sector with rules for the protection, detection, containment, recovery and repair capabilities against IT incidents.

The draft RTS on the ICT risk management framework covers encryption and cryptography in section IV (page 49). The review highlight is Article 6, point 4:
"Financial entities shall include in the policy on encryption and cryptographic controls provisions to, where necessary, on the basis of developments in cryptanalysis, update or change the cryptographic technology to ensure they remain resilient against cyber threats [...]. Where the financial entity cannot update or change the cryptographic technology, it shall adopt mitigation and monitoring measures to ensure they remain resilient against cyber threats."

These final draft technical standards have been submitted to the European Commission, which will now start its review with the objective of adopting these first standards in the coming months. So, proper cryptography management and crypto-agility will soon be part of the regulatory compliance obligations of financial entities in Europe.

 

https://lnkd.in/dnzDP9PG

https://lnkd.in/dp2aUj75

https://lnkd.in/dtJguGHf

 

Regards

 

Caute_Cautim
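To make the Article 6(4) requirement concrete in engineering terms, here is an added example (my own illustration, not code from the original post, from the ESAs or from any DORA text) of the design pattern usually meant by "crypto-agility": every protected record carries an algorithm identifier, the set of permitted algorithms lives in one registry, a policy change in that registry demotes an algorithm without touching stored data, records can be re-protected under a current algorithm, and an audit function reports how much data still depends on a deprecated algorithm (the "mitigation and monitoring measures" the article asks for where an immediate change is not possible). The registry, key material and records are constructed sample data; the algorithm names and the "current / deprecated / forbidden" statuses are assumptions for the example, and the MAC construction is stdlib HMAC only so it runs offline.

```python
"""Crypto-agility sketch (added example, not from the original post).

Each protected record carries an algorithm identifier next to its
authentication tag, so the algorithm can be changed centrally, and the
remaining use of a deprecated algorithm can be measured and migrated.
Standard library only; keys and records below are constructed sample data.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical algorithm registry: name -> (hash constructor, policy status).
# Status is "current", "deprecated" (still verifies, but flagged) or "forbidden".
REGISTRY = {
    "hmac-sha1":   (hashlib.sha1,   "deprecated"),
    "hmac-sha256": (hashlib.sha256, "current"),
    "hmac-sha512": (hashlib.sha512, "current"),
}
DEFAULT_ALG = "hmac-sha256"

# Constructed sample key material, one key per algorithm generation.
KEYS = {
    "hmac-sha1":   b"legacy-key-material-0001",
    "hmac-sha256": b"current-key-material-0002",
    "hmac-sha512": b"current-key-material-0003",
}


@dataclass(frozen=True)
class Record:
    alg: str        # algorithm identifier stored with the data
    payload: bytes
    tag: str        # hex HMAC over the payload


def protect(payload: bytes, alg: str = DEFAULT_ALG) -> Record:
    """Tag a payload with the named algorithm; refuse anything not 'current'."""
    digest, status = REGISTRY[alg]
    if status != "current":
        raise ValueError(f"{alg} is {status}; new data must use a current algorithm")
    tag = hmac.new(KEYS[alg], payload, digest).hexdigest()
    return Record(alg, payload, tag)


def verify(rec: Record) -> bool:
    """Verify with the algorithm named in the record, never by guessing.
    Unknown or forbidden algorithms fail closed; deprecated ones still verify
    but show up in audit()."""
    digest, status = REGISTRY.get(rec.alg, (None, "forbidden"))
    if status == "forbidden":
        return False
    expected = hmac.new(KEYS[rec.alg], rec.payload, digest).hexdigest()
    return hmac.compare_digest(expected, rec.tag)


def migrate(rec: Record, alg: str = DEFAULT_ALG) -> Record:
    """Re-protect a record under a current algorithm, after verifying it."""
    if not verify(rec):
        raise ValueError("refusing to migrate a record that does not verify")
    if rec.alg == alg:
        return rec
    return protect(rec.payload, alg)


def audit(records) -> dict:
    """Monitoring measure: how many records sit under each policy status."""
    counts = {"current": 0, "deprecated": 0, "forbidden": 0}
    for rec in records:
        counts[REGISTRY.get(rec.alg, (None, "forbidden"))[1]] += 1
    return counts


def deprecate(alg: str, new_status: str = "deprecated") -> None:
    """Policy change in one place: demote an algorithm without touching data."""
    digest, _ = REGISTRY[alg]
    REGISTRY[alg] = (digest, new_status)


def legacy_record(payload: bytes) -> Record:
    """Constructed sample: a record written while hmac-sha1 was still current."""
    digest, _ = REGISTRY["hmac-sha1"]
    return Record("hmac-sha1", payload,
                  hmac.new(KEYS["hmac-sha1"], payload, digest).hexdigest())


def demo():
    """Audit a mixed store, migrate it, audit again; returns both reports."""
    store = [legacy_record(b"acct=1234;limit=500"), protect(b"acct=5678;limit=900")]
    before = audit(store)
    store = [migrate(r) for r in store]
    return before, audit(store)
```

The point of the pattern is the order of operations it allows: first demote the algorithm in the registry (new data can no longer use it), then let audit() drive the migration backlog down, and only then flip the status to "forbidden" so the old tags fail closed. Data that cannot be migrated stays visible in the audit counts, which is the monitoring evidence a policy under Article 6(4) would need to point at.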

2 Replies
Kyaw_Myo_Oo
Contributor III

Thanks for sharing @Caute_cautim.

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
SecuFreak
Viewer

Thanks for sharing @Caute_cautim. I came across this subject when I was searching for DORA-related articles, webinars, etc., but couldn't find any in the ISC2 community.

 

How can we get the RTS and ITS that are validated for use? Are they available to the public?

 

Regards,

SecuFreak