Canada: Adopted OSFI Intelligence-led Cyber Resilience Testing (I-CRT) Framework

On 21 April 2023, Canada's Office of the Superintendent of Financial Institutions (OSFI) issued a guideline for the financial sector to increase its cyber resilience. The guideline delves into a detailed methodology on how to conduct intelligence-led cyber resilience testing (I-CRT). The purpose of the I-CRT is to diligently identify the weaknesses and existing cyber controls of Federally Regulated Financial Institutions (FRFI). The I-CRT results are intended to enable FRFIs to improve their cybersecurity. The guideline breaks down the roles and responsibilities within the FRFIs and outlines the difference between different cyber tests, like penetration testing, red teaming, and I-CRT.