|
Work item:
|
X.res-dfs
|
|
Subject/title:
|
Cyber resilience assessment framework for digital financial services
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
-
|
|
Equivalent number:
|
-
|
|
Timing:
|
2027-01 (Medium priority)
|
|
Liaison:
|
ITU-T SG2, ITU-T SG3, ITU-T SG11, ISO/IEC JTC 1/SC 27
|
|
Supporting members:
|
Uganda, Soonchunhyang University, Oman, South Africa, Tanzania, Zimbabwe, Ghana, Rwanda, Sierra Leone, Senegal
|
|
Summary:
|
This Recommendation provides a methodology a cyber resilience assessment framework for evaluating and improving the cyber-resilience maturity of DFS.
It defines:
A DFS critical-entity identification matrix covering telecom operators, DFS providers, payment switches, and third-party service providers;
A five-pillar resilience model (risk management, governance, testing, training & awareness, and incident response);
A maturity-scoring system and self-assessment questionnaire that regulators can apply to benchmark resilience levels; and
Guidelines for cross-sector coordination and information-sharing between telecom and financial regulators.
The work aligns terminology and structure with existing Recommendations ITU-T X.1150 (Security assurance framework for digital financial services) and ITU-T X.1456 (Security guidelines for DFS applications based on USSD and STK), while extending them from security assurance to resilience assurance across DFS critical infrastructure.
|
|
Comment:
|
Incubated
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2026-06-10 14:40:26
|
|
Last update:
2026-06-15 12:41:24
|
|
