UK · Framework

CBEST — CBEST Intelligence-Led Cyber Security Testing

CBEST is a framework developed by the Bank of England and the FCA for threat-led penetration testing of the UK financial sector, using real threat intelligence to simulate realistic cyber attacks.

What it is

CBEST is a framework developed by the Bank of England and the FCA for threat-led penetration testing of the UK financial sector, using real threat intelligence to simulate realistic cyber attacks.

United Kingdom · Active; annual testing cycle for designated entities

Who it binds

Systemically important financial institutions designated by the Bank of England and FCA, including major banks, payment systems and market infrastructures.

Key obligations

Gather threat intelligence from accredited providers
Conduct targeted penetration testing based on the intelligence
Run a controlled red team simulating real threat actors
Remediate and verify findings

How CCI addresses it

PenTeva delivers the simulation layer for CBEST exercises; EviGen collects the pre- and post-test control evidence that CBEST assessors require.

PenTeva → EviGen →

Official source

Bank of England / FCA CBEST Framework

https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector/cbest-threat-intelligence-led-assessments-implementation-guide

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.

← All frameworks