Live Threat Intelligence

NVD/NIST: CVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affected (CRITICAL 9.1)
AlienVault OTX: APT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO Diplomats (CRITICAL 9.3)
Recorded Future: Cl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions Globally (CRITICAL 9.5)
Shodan: 22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer Risk (HIGH 8.9)
VirusTotal: CVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog Added (CRITICAL 9.8)
Censys: 14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access Enabled (HIGH 8.7)
AlienVault OTX: FIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS Systems (HIGH 8.4)
NVD/NIST: CVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code Public (CRITICAL 9.8)
Recorded Future: Dark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance Data (HIGH 8.1)
VirusTotal: Lumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreen (HIGH 8.6)
NVD/NIST: CVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum Score (CRITICAL 10.0)
Recorded Future: Salt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-Disclosure (CRITICAL 9.2)
VirusTotal: DragonForce Ransomware — New Affiliate Program Attracting LockBit Defectors (HIGH 8.5)
Shodan: Citrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still Exploitable (CRITICAL 9.4)
Censys: Ivanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation Confirmed (CRITICAL 9.0)
AlienVault OTX: BEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in Use (HIGH 7.9)
Security Maturity Programme

20-Domain Security Maturity Assessment

Based on the NCSA Cybersecurity Handbook and aligned to DORA, FFIEC, SOX, ISO 27001 and NIST CSF. HorizonShield uses this framework to benchmark your security posture and to build the roadmap that closes the gaps it finds.

Maturity Scale

Five Maturity Levels

1
Initial

Ad-hoc, undocumented processes

2
Developing

Some processes defined, inconsistently applied

3
Defined

Documented, standardised, organisation-wide

4
Managed

Measured, controlled, and continuously improved

5
Optimising

Proactive, predictive, automated resilience

Why This Framework

The NCSA Cybersecurity Handbook defines 20 best-practice domains, each of which maps to the regulatory frameworks listed below. Instead of preparing separately for DORA, FFIEC and ISO 27001, HorizonShield assesses you once against all of them at the same time, so the same evidence is collected and reviewed only once.

DORA
ICT risk, incident handling, TLPT, TPRM
FFIEC CAT
Inherent risk profile, maturity levels, governance (note: the FFIEC retired the CAT on 31 August 2025 and points institutions to NIST CSF 2.0 and similar profiles; the mappings below remain useful for legacy examinations and for institutions still reporting against it)
ISO 27001:2022
All Annex A controls (93 controls)
NIST CSF 2.0
Identify, Protect, Detect, Respond, Recover, Govern
SOX ITGC
Access controls, change management, operations
What You Get
📊
Current-State Score

Maturity level (1–5) for each of the 20 domains, scored by our analysts.

🎯
Gap Register

Prioritised list of control gaps with regulatory mapping (which standard requires it).

🗺️
Roadmap

12–24 month remediation roadmap with effort estimates and quick wins.

📋
Board Pack

Executive summary formatted for board reporting and regulatory submission.

🔄
Quarterly Reviews

Progress tracking against the roadmap with updated scoring each quarter.

The Framework

All 20 Assessment Domains

Each domain is assessed independently. Financial sector annotations show the specific regulatory mapping.

01
Identify

Security Architectures & Risk Management

Documented security architecture, risk assessment methodology, and a board-approved risk appetite statement.

Risk register maintained and reviewed quarterly
Security architecture documented and version-controlled
Board-level risk appetite formally approved
Threat modelling performed for critical systems
DORA Art. 6 requires a documented ICT risk management framework. FFIEC CAT maps this to the "Governance" and "Risk Management" assessment factors of Domain 1 (Cyber Risk Management and Oversight).
02
Identify

Asset Inventory (Hardware & Software)

Complete, automated inventory of all hardware assets, software licenses, and data classifications.

CMDB maintained with automated discovery
Software asset management (SAM) in place
Data classification scheme applied to all assets
Shadow IT detection active
DORA and FFIEC both require a complete ICT asset register including third-party dependencies.
03
Protect

Secure Configuration Management

Hardened baselines (CIS Benchmarks or equivalent) enforced across all devices and cloud workloads.

CIS benchmark baselines deployed
Configuration drift detection (e.g., Chef InSpec)
Change management process with rollback capability
Cloud security posture management (CSPM) active
SOX ITGC requires evidence of change management controls. FFIEC expects documented configuration standards.
04
Protect

Application & Service Execution Control

Allowlisting, code-signing, and runtime application self-protection to prevent unauthorised execution.

Application allowlisting on critical servers
Code signing enforced for deployments
RASP / WAF deployed for public-facing applications
Least-privilege execution for all service accounts
MiFID II and DORA require controls preventing unauthorised modification of trading and financial systems.
05
Protect

Access Control & Identity Governance

Role-based access control, privileged access management, and identity lifecycle governance.

RBAC implemented across all systems
PAM solution for privileged accounts (e.g., CyberArk)
User access reviews conducted quarterly
Just-in-time (JIT) access for production environments
SOX § 404 ITGC requires evidence of access controls and segregation of duties. FFIEC CAT covers this under "Access and Data Management" in Domain 3 (Cybersecurity Controls).
06
Protect

User Authentication (MFA & SSO)

Multi-factor authentication enforced for all users, with phishing-resistant options for privileged access.

MFA enforced for all remote access
Phishing-resistant MFA (FIDO2/WebAuthn) for admins
SSO integrated with identity provider
Password policy aligned to NIST SP 800-63B
FFIEC's 2021 guidance on Authentication and Access to Financial Institution Services and Systems treats single-factor authentication as inadequate for high-risk access, including customer-facing internet banking and privileged administration.
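What "aligned to NIST SP 800-63B" means in practice is easy to get wrong, because the standard rejects the complexity rules most legacy policies still enforce. The following is an added example, not HorizonShield's code or tooling: a password acceptance check that applies the 800-63B verifier rules (length as the only composition rule, every printable character allowed, Unicode normalised before counting, screening against a blocklist of compromised and context-specific values). The blocklist and the context words are constructed samples; the thresholds are assumptions you tune to your own standard.

```python
"""Password acceptance check aligned to NIST SP 800-63B (Domain 6).

Added example, not HorizonShield's code. 800-63B asks a verifier to:
  * require at least 8 characters (15 where the password is the only factor)
    and accept at least 64;
  * impose no other composition rules (no "one upper, one digit, one symbol");
  * allow every printable character, including space and Unicode;
  * screen candidates against compromised, dictionary and context-specific
    values, plus repetitive or sequential strings;
  * force no periodic rotation (not shown here: that is a policy setting).
"""
import unicodedata

MIN_LEN = 8    # assumption: single-factor deployments should raise this to 15
MAX_LEN = 64   # verifiers SHALL accept at least 64 characters

# Constructed stand-in for a breached-password corpus. A real deployment keeps
# the corpus out of source and compares hashes (e.g. a k-anonymity range query).
BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein1", "welcome1"}


def normalise(pw):
    """NFKC-normalise so composed and decomposed forms of the same text compare equal."""
    return unicodedata.normalize("NFKC", pw)


def _repetitive(s):
    """True for a single repeated character ('aaaaaaaa') or a straight run ('abcdefgh')."""
    if len(set(s)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_password(candidate, context_words=()):
    """Return (accepted, reason). Length is counted in code points after NFKC.

    context_words: constructed list of values specific to this service or user
    (product name, username) that 800-63B says must also be rejected.
    """
    pw = normalise(candidate)
    if len(pw) < MIN_LEN:
        return False, f"shorter than {MIN_LEN} characters"
    if len(pw) > MAX_LEN:
        return False, f"longer than {MAX_LEN} characters"
    if any(unicodedata.category(c) == "Cc" for c in pw):
        return False, "contains control characters"
    low = pw.lower()
    if low in BLOCKLIST:
        return False, "appears in the compromised-password blocklist"
    if _repetitive(low):
        return False, "repetitive or sequential"
    for word in context_words:
        w = normalise(word).lower()
        if len(w) >= 4 and w in low:
            return False, f"contains context-specific word {word!r}"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Tr0ub4d", "Password", "abcdefgh",
               "HorizonShield2026!", "cafe\u0301 latte"):
        print(repr(pw), check_password(pw, context_words=("HorizonShield",)))
```

Note what is absent: there is no "must contain a digit" rule, so a long passphrase with spaces passes while an eight-character word on the blocklist fails. That inversion of the legacy policy is the point of the control and is what an assessor should look for in the identity provider's configuration.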
07
Protect

Network Security & Segmentation

Zero-trust network architecture, micro-segmentation, and encrypted communications across all environments.

Network segmentation with documented zones
Zero-trust architecture roadmap defined
Encrypted communications enforced (TLS 1.2 minimum, TLS 1.3 preferred)
IDS/IPS deployed at network perimeter and internally
DORA Art. 9 requires ICT security policies including network protection measures. FFIEC expects network diagrams and segmentation evidence.
08
Protect

Malware Protection

Next-gen endpoint protection, EDR, and email security across all endpoints and cloud workloads.

EDR deployed across all endpoints
Email security gateway (anti-phishing, DMARC)
Cloud workload protection (CWPP) active
Regular threat intelligence feeds integrated into EDR
FFIEC expects documented malware protection and email security controls reviewed in IT examinations.
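The email security item above lists DMARC as an evidence point, but a DMARC record that exists is not the same as one that enforces anything. The following is an added example, not HorizonShield's tooling: it parses the TXT record published at _dmarc.<domain> (obtained with, for instance, dig +short TXT _dmarc.example.com) and places it on the page's five-level scale. The level thresholds are this example's own assumptions, and every record it is run on below is constructed.

```python
"""Grade a DMARC record on the page's 1-5 maturity scale (Domain 8).

Added example, not HorizonShield's code. Level thresholds are assumptions:
  1  no valid DMARC record
  2  p=none (monitor only) or no aggregate-report address
  3  quarantine, partial pct, or subdomains weaker than the org domain
  4  reject at pct=100 with reporting, relaxed alignment
  5  as 4 with strict alignment for DKIM or SPF
"""

POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; rua=...' into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def grade_dmarc(record):
    """Return (level, reasons) for one record string."""
    tags = parse_dmarc(record)
    if tags is None:
        return 1, ["no valid DMARC record (v=DMARC1 missing)"]
    reasons = []
    p = tags.get("p", "none").lower()          # missing p is treated as none
    sp = tags.get("sp", p).lower()             # sp defaults to p (RFC 7489)
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0                                # unparsable pct: assume nothing applied
    if "rua" not in tags:
        reasons.append("no rua= address, so aggregate reports are not collected")
    if p == "none":
        reasons.append("p=none: failing mail is delivered and only reported")
    elif p == "quarantine":
        reasons.append("p=quarantine: failing mail is junked rather than rejected")
    if pct < 100:
        reasons.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if POLICY_RANK.get(sp, 0) < POLICY_RANK.get(p, 0):
        reasons.append(f"sp={sp}: subdomain policy weaker than organisational policy")
    strict = "s" in (tags.get("adkim", "r").lower(), tags.get("aspf", "r").lower())
    if not strict:
        reasons.append("relaxed alignment for both DKIM and SPF")

    if p == "none" or "rua" not in tags:
        level = 2
    elif p == "quarantine" or pct < 100 or POLICY_RANK.get(sp, 0) < POLICY_RANK[p]:
        level = 3
    elif not strict:
        level = 4
    else:
        level = 5
    return level, reasons


# Constructed sample records (not real domains' policies).
SAMPLES = {
    "no-record":   '"v=spf1 include:_spf.example.com -all"',
    "monitor":     "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial":     "v=DMARC1; p=reject; pct=50; rua=mailto:dmarc@example.com",
    "enforcing":   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "strict":      "v=DMARC1; p=reject; sp=reject; adkim=s; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        level, reasons = grade_dmarc(rec)
        print(f"{name:10} level {level}  {'; '.join(reasons) or 'no findings'}")
```

The two findings assessors most often miss are pct below 100 (a policy that reads p=reject but is applied to half the traffic) and a missing sp tag on a domain whose subdomains send no mail, which leaves them at whatever p says and is fine, versus an explicit sp=none, which is not.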
09
Detect

Security Monitoring & SIEM

Centralised log aggregation, SIEM with tuned use cases, and 24/7 SOC operations.

SIEM deployed with documented use cases
24/7 SOC monitoring with defined escalation paths
Log retention meeting regulatory minimums (typically 1–3 years)
Baseline anomaly detection tuned to reduce false positives
DORA Art. 10 requires ICT-related incident detection capabilities. FFIEC expects documented monitoring procedures.
10
Detect

Web Application Security

DAST/SAST integrated into CI/CD, WAF deployed, and OWASP Top 10 addressed across all applications.

SAST integrated into CI/CD pipeline
DAST scans on pre-production environments
WAF deployed with OWASP Core Rule Set
Bug bounty or responsible disclosure programme
FFIEC and PCI DSS v4.0 require application security testing for internet-facing financial applications.
11
Protect

Teleworking & Remote Access Security

Zero-trust remote access, endpoint compliance gating, and secure collaboration controls.

ZTNA or certificate-based VPN for all remote access
Endpoint compliance checked before network access
DLP controls on remote endpoints
Acceptable use policy signed and enforced
FFIEC's 2021 authentication and access guidance applies the same expectations to remote access by employees and third parties as to customer-facing services.
12
Protect

Cryptography & Key Management

Encryption at rest and in transit, HSM-backed key management, and certificate lifecycle automation.

Encryption at rest for all sensitive data
TLS 1.2 minimum with TLS 1.3 preferred; SSL, TLS 1.0 and TLS 1.1 disabled
HSM or KMS for key management
Certificate expiry monitoring automated
GDPR Art. 32 names encryption among the appropriate technical measures for securing personal data. DORA Art. 9 requires cryptographic controls and key protection for ICT systems.
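Two of the items above (protocol versions and certificate expiry) can be evidenced directly from the network rather than from a policy document. The following is an added example, not HorizonShield's tooling: a standard-library collector that, for each host, records the negotiated protocol, checks whether TLS 1.0 or 1.1 is still accepted, and flags certificates that are expired, close to expiry, or not valid for the hostname. The policy evaluation runs offline on a constructed certificate dictionary in the shape returned by ssl.SSLSocket.getpeercert(); the live probe needs network access, and the host list and the 30-day warning threshold are assumptions.

```python
"""TLS policy and certificate expiry evidence for Domain 12.

Added example, not HorizonShield's code. evaluate() applies the policy to
facts already collected; probe() gathers those facts from a live server.
"""
import socket
import ssl
import time
from dataclasses import dataclass, field

ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}   # assumption: the page's baseline
EXPIRY_WARN_DAYS = 30                        # assumption: renewal lead time


@dataclass
class Finding:
    host: str
    passed: bool
    issues: list = field(default_factory=list)


def _matches(host, sans):
    """Exact or single-label wildcard match against DNS SANs (RFC 6125 style)."""
    if host in sans:
        return True
    parent = host.split(".", 1)[1] if "." in host else ""
    return parent != "" and f"*.{parent}" in sans


def evaluate(host, negotiated_version, peercert, legacy_accepted, now=None):
    """Policy check over one host's observed facts.

    negotiated_version: value of ssl.SSLSocket.version(), e.g. "TLSv1.3".
    peercert: dict shaped like ssl.SSLSocket.getpeercert().
    legacy_accepted: set of legacy protocol names the server still negotiates.
    """
    now = time.time() if now is None else now
    f = Finding(host=host, passed=True)
    if negotiated_version not in ALLOWED_VERSIONS:
        f.issues.append(f"negotiated {negotiated_version}; policy requires TLS 1.2+")
    if legacy_accepted:
        f.issues.append("server still accepts " + ", ".join(sorted(legacy_accepted)))
    days_left = (ssl.cert_time_to_seconds(peercert["notAfter"]) - now) / 86400
    if days_left < 0:
        f.issues.append(f"certificate expired {-days_left:.0f} days ago")
    elif days_left < EXPIRY_WARN_DAYS:
        f.issues.append(f"certificate expires in {days_left:.0f} days")
    # Modern clients ignore the CN; only subjectAltName counts.
    sans = {v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"}
    if not _matches(host, sans):
        f.issues.append(f"{host} not in subjectAltName {sorted(sans)}")
    f.passed = not f.issues
    return f


def _handshake(host, port, minimum, maximum, verify=True):
    """Handshake pinned to one protocol range; (version, cert) or None on failure."""
    try:
        if verify:
            ctx = ssl.create_default_context()
        else:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level;
            # lower it for the legacy probe only.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = minimum
        ctx.maximum_version = maximum
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), tls.getpeercert()
    except (ssl.SSLError, OSError, ValueError):
        return None


def probe(host, port=443):
    """Collect the facts evaluate() needs from a live server (network required)."""
    best = _handshake(host, port, ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    if best is None:
        return Finding(host=host, passed=False, issues=["no TLS 1.2/1.3 handshake possible"])
    version, cert = best
    legacy = set()
    for name, v in (("TLSv1", ssl.TLSVersion.TLSv1), ("TLSv1.1", ssl.TLSVersion.TLSv1_1)):
        if _handshake(host, port, v, v, verify=False) is not None:
            legacy.add(name)
    return evaluate(host, version, cert, legacy)


# Constructed sample in the shape of getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
    "notBefore": "Jan  1 00:00:00 2026 GMT",
    "notAfter": "Mar  1 00:00:00 2026 GMT",
}

if __name__ == "__main__":
    print(evaluate("www.example.com", "TLSv1.3", SAMPLE_CERT, {"TLSv1"},
                   now=ssl.cert_time_to_seconds("Feb 15 00:00:00 2026 GMT")))
    for h in ("www.example.com",):            # assumption: your inventory feeds this list
        print(probe(h))
```

The legacy probe is the part worth keeping: a scanner that only reports the best protocol a server offers will happily pass a host that still accepts TLS 1.0 from an older client, which is exactly the gap the "TLS 1.0/1.1 disabled" item is meant to close.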
13
Identify

Cybersecurity Awareness & Training

Role-based security training, simulated phishing, and a security culture measurement programme.

Annual security awareness training mandatory for all staff
Monthly simulated phishing campaigns
Role-based training for IT, finance, and executive staff
Security culture survey conducted annually
FFIEC requires a documented security awareness programme. DORA Art. 13 mandates ICT security awareness training.
14
Identify

Supply Chain & Third-Party Risk (TPRM)

Vendor security assessment programme, concentration risk monitoring, and contractual security requirements.

Third-party risk register with criticality ratings
Annual security assessments of critical vendors
Contractual security requirements (ISO 27001 / SOC 2)
ICT concentration risk analysis (DORA Art. 29)
DORA Chapter V is entirely dedicated to ICT third-party risk management — one of the most demanding areas for financial entities.
15
Identify

Cybersecurity Technical Assessments

Annual penetration testing, TLPT for DORA entities, red team exercises, and vulnerability management.

Annual external penetration test by a CREST-accredited provider or OSCP-certified testers
TLPT (Threat-Led Penetration Testing) for DORA-regulated entities
Quarterly internal vulnerability scans
Red team exercise every 2–3 years
DORA Art. 26 mandates TLPT for significant financial entities. FFIEC expects documented penetration testing programmes.
16
Protect

Physical Security

Data centre access controls, clean desk policy, and physical security procedures aligned to the physical controls of ISO 27001:2022 Annex A (section 7; Annex A.11 in the 2013 edition).

Data centre access logged and reviewed
Clean desk and clear screen policy enforced
Visitor management procedures documented
Physical security aligned to ISO 27001:2022 Annex A.7 (A.11 in the 2013 edition)
Regulators expect physical security to complement logical controls. FFIEC examines data centre access logs.
17
Recover

Data Backups & Recovery

3-2-1 backup strategy, immutable backups, and tested recovery procedures with defined RTO/RPO.

3-2-1 backup strategy implemented
Immutable / air-gapped backups for critical data
RTO/RPO defined and tested annually
Backup integrity verified with automated testing
DORA Art. 12 requires ICT business continuity policies including backup and restoration procedures with tested RTO/RPO targets.
18
Respond

Incident Handling & Response

24/7 incident response capability, documented playbooks, and regulatory reporting procedures.

Incident response plan documented and tested annually
Regulatory reporting procedures (DORA major-incident timeline: initial notification within 4 hours of classifying the incident as major and no later than 24 hours after becoming aware of it; intermediate report within 72 hours of the initial notification; final report within one month of the intermediate report)
IR retainer in place for surge capacity
Post-incident review (PIR) process documented
DORA Art. 17–23 define strict incident classification and reporting obligations. FFIEC expects documented IR procedures.
19
Recover

Business Continuity & Disaster Recovery

BCP/DRP tested annually, crisis communication procedures, and regulatory notification chains.

BCP/DRP documented and approved by senior management
Annual tabletop exercise for key scenarios (ransomware, DDoS)
Crisis communication plan with regulatory notification chain
Third-party BCP/DR reviews for critical ICT providers
DORA Art. 11 requires an ICT business continuity policy with response and recovery plans that are tested at least yearly, including crisis communication; the testing programme itself is set out in Arts. 24–27. FFIEC examines BCP documentation and test results.
20
Govern

Security Governance & Programme Management

CISO/vCISO function, security committee, KRI/KPI reporting to the board, and continuous improvement programme.

CISO or vCISO appointed with board-level reporting line
Security steering committee meeting quarterly
Security KPIs/KRIs reported to board monthly
Security programme reviewed annually against NIST CSF or ISO 27001
DORA requires ICT governance at senior management level. FFIEC CAT expects documented governance structure with executive accountability.

Know Where You Stand Against Every Regulator

Our 20-domain assessment gives you a single scorecard, with each finding mapped to the standard that requires it, that you can present to DORA supervisors, FFIEC examiners, ISO 27001 auditors and your own board without re-assessing for each.