scope:

This guidance document is a subset of TfL's Cyber Security Risk Management Policy P123 and the Cyber Security Testing Standard S1746 (see Diagram 1 below) The Cyber Security Testing Guidance outlines the initial identification and testing stage of Vulnerability Management.

This guidance applies to all of TfL namely System Owners (Business Owners) and System Administrators (Asset Owners) within TfL T&D, London Underground and Surface Transport as well as third parties who manage systems on TfL's behalf.

Purpose

The purpose of this document is to provide Cyber Security Testing guidance aligned to the TfL Cyber Security Testing standard S1746.

The document is designed to support and provide guidance to TfL System Owners (Business Owners), System Administrators (Asset Owners) and the Cyber Security and Incident Response Team (CSIRT).