DORA Art. 13
Digital Operational Resilience Act (EU 2022/2554)
AL, Founder at SQUR · last verified 2026-06-19
Regulation text
Financial entities must have the capabilities and staff to gather information on vulnerabilities and cyber threats, and on ICT-related incidents, in particular cyber-attacks, and to analyse the impact these are likely to have on their digital operational resilience. The ICT risk-management framework must include post-incident reviews after significant ICT disruptions, and the results of those reviews must be communicated to the management body. Financial entities must also continuously monitor and analyse these elements to identify trends and update their protections.
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1046 | Financial entities scan networks for vulnerabilities, aligning with network service discovery. DORA Art. 13 requires gathering vulnerability information. | 90% |
| T1087 | Account discovery identifies potential access points and misconfigurations, supporting vulnerability assessment. DORA Art. 13 mandates vulnerability information gathering. | 85% |
| T1082 | System information discovery aids in identifying configuration weaknesses and potential attack vectors. DORA Art. 13 requires gathering vulnerability information. | 85% |
| T1059 | Monitoring command and scripting interpreter usage helps detect malicious activity during incident analysis. DORA Art. 13 mandates incident analysis. | 80% |
| T1071 | Analysis of application layer protocols identifies command and control channels and data exfiltration attempts. DORA Art. 13 requires continuous monitoring. | 85% |
| T1048 | Understanding exfiltration methods informs impact analysis and protection updates. DORA Art. 13 requires impact analysis and protection updates. | 80% |
| T1053 | Detecting unauthorized scheduled tasks is crucial for identifying persistence and updating protections. DORA Art. 13 mandates continuous monitoring. | 85% |
| T1078 | Monitoring valid account usage helps detect unauthorized access and potential misuse, informing incident analysis. DORA Art. 13 requires incident analysis. | 90% |
| T1003 | Detecting OS credential dumping is essential for understanding attack scope and improving protective measures. DORA Art. 13 mandates incident analysis. | 85% |
| T1036 | Identifying masquerading techniques helps detect defense evasion and enhances threat detection capabilities. DORA Art. 13 requires continuous monitoring. | 80% |
| T1090 | Monitoring proxy usage for suspicious C2 activity supports continuous threat analysis and protection updates. DORA Art. 13 mandates continuous monitoring. | 80% |
| T1027 | Detecting obfuscated files or information helps identify defense evasion techniques and improve detection. DORA Art. 13 requires continuous monitoring. | 80% |
| T1070 | Post-incident reviews analyze indicator removal to understand attacker actions and improve forensic capabilities. DORA Art. 13 mandates post-incident reviews. | 75% |
| T1005 | Monitoring for unauthorized data collection from local systems is vital for detecting potential exfiltration. DORA Art. 13 requires continuous monitoring. | 85% |
| T1041 | Detecting exfiltration over C2 channels is critical for assessing data loss and refining protective measures. DORA Art. 13 requires impact analysis and protection updates. | 85% |
Defending mitigations · 7
| Mitigation | What it does | Confidence |
|---|---|---|
| M1013 | Comprehensive event logging provides data for continuous monitoring, incident analysis, and post-incident reviews. DORA Art. 13 mandates these activities. | 95% |
| M1015 | Secure software configurations reduce vulnerabilities and enhance resilience against cyber threats. DORA Art. 13 requires managing ICT risk. | 90% |
| M1016 | Regular vulnerability scanning identifies weaknesses, supporting the gathering of vulnerability information. DORA Art. 13 explicitly requires this. | 95% |
| M1031 | Network segmentation limits the impact of ICT-related incidents by restricting lateral movement. DORA Art. 13 requires impact analysis and resilience. | 85% |
| M1035 | Limiting network access to resources reduces the attack surface and strengthens protections. DORA Art. 13 requires updating protections. | 85% |
| M1047 | Regular audits verify security controls and provide data for continuous monitoring and post-incident reviews. DORA Art. 13 mandates these processes. | 90% |
| M1051 | Timely software updates patch vulnerabilities, directly contributing to updated protections. DORA Art. 13 requires updating protections. | 95% |
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-200 | Inadequate controls can lead to sensitive information exposure, increasing incident impact. DORA Art. 13 requires impact analysis. | 90% |
| CWE-284 | Improper access controls allow unauthorized actions, increasing vulnerability to cyber-attacks. DORA Art. 13 requires managing ICT risk. | 90% |
| CWE-732 | Incorrect permissions on critical resources create exploitable vulnerabilities, impacting resilience. DORA Art. 13 requires vulnerability management. | 85% |
| CWE-20 | Improper input validation can lead to various vulnerabilities, requiring continuous monitoring for exploitation. DORA Art. 13 mandates continuous monitoring. | 85% |
| CWE-306 | Lack of authentication for critical functions creates severe vulnerabilities, increasing attack surface. DORA Art. 13 requires managing ICT risk. | 85% |
| CWE-502 | Deserialization of untrusted data can lead to remote code execution, a critical vulnerability to monitor. DORA Art. 13 mandates continuous monitoring. | 80% |
| CWE-79 | XSS vulnerabilities allow client-side script injection, requiring continuous monitoring and protection updates. DORA Art. 13 mandates continuous monitoring. | 80% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0182 compute · voice-rubric self-validated