Revised CORIE framework and rollout
The Council of Financial Regulators has today released an updated version of the Cyber Operational Resilience Intelligence-led Exercises framework (CORIE framework v2.0). This follows the completion of a successful pilot of CORIE and the Council’s endorsement at its June meeting of minor changes to the framework and a plan for the wider rollout of the program.
All changes made to the framework are within the existing framework structure. Key pillars to the framework, including the gathering of threat intelligence to lead and shape adversary simulations, will remain.
The process for determining the financial institutions to participate in future exercises will take a risk-based approach, and will be conducted in the lead-up to each round of CORIE.
A separate guide for providers of threat intelligence and red teaming services is also available. The procurement of these services and the selection of a provider is the responsibility of the participating financial institution.
In December 2020, the Council of Financial Regulators released a Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry. Developed to aid preparation and execution of industry-wide cyber resilience exercises, the CORIE framework was tested during a pilot program which ran from late 2020 to late 2021, and involved the participation of multiple financial institutions.