TIBER-FI Framework

At the core of TIBER-FI are security tests directed at the key information systems of financial sector entities. Organizations resource, plan, and arrange these tests according to the TIBER-FI operational model.

The EU's Digital Operational Resilience Act for the financial sector, which came into force in January 2025, gives competent authorities the ability to impose an obligation to implement threat-based penetration testing. In Finland, this authority is the Financial Supervisory Authority (FIN-FSA), and the testing requirements can be fulfilled through testing that complies with the TIBER-FI framework.

Documents

The main document titled TIBER-FI procedures and guidelines (pdf) describes the framework and its operation. The framework is an implementation of TIBER-EU by the European Central Bank.

In the document there are references to several TIBER-EU guidance documents which are essential for every test project. Those documents can be downloaded from ECB's web site.

Full list of guidance documents is: 

• TIBER-EU Control Team Guidance
• TIBER-EU Initiation Documents Guidance
• TIBER-EU Guidance for Service Provider Procurement
• TIBER-EU Scope Specification Document Guidance
• TIBER-EU Targeted Threat Intelligence Report Guidance
• TIBER-EU Red Team Test Plan Guidance
• TIBER-EU Red Team Test Report Guidance
• TIBER-EU Blue Team Test Report Guidance
• TIBER-EU Purple Teaming Guidance
• TIBER-EU Remediation Plan Guidance
• TIBER-EU Test Summary Report Guidance
• TIBER-EU Attestation Guidance

Contact Information

Head of TIBER-FI team (TCT): Head of Division Terhi Wathén, Bank of Finland, tel 09 183 2164, terhi.wathen@bof.fi

TIBER-FI Test Manager: Advisor Marko Buuri, Bank of Finland, tel. 09 183 3109, marko.buuri@bof.fi 

TIBER-FI Team (TCT): tiberfi@bof.fi 

If you are a cybersecurity services provider interested in receiving communications and invitations to periodical provider meetings about TIBER-FI, please let the TCT know.