2022-01-01

Circular No. 281 Evaluation and Strengthening of the Information Technology Environment

The Palestine Monetary Authority requires all Palestinian banks to submit a cybersecurity assessment report and corrective action timeline by December 31, 2022. Institutions must implement DDoS mitigation controls, restrict encryption key usage to internal networks, and obtain prior regulatory approval before deploying any cloud-based security solutions. Furthermore, banks are mandated to conduct specialized DDoS simulation exercises, execute required penetration testing, and demonstrate full compliance with PCI-DSS standards per Circular No. 6/2022.

Palestine

Palestine Monetary Authority

PALESTINE MONETARY AUTHORITY

Circular No. (281 / 2022)

To all banks operating in Palestine

Date: Wednesday, November 09, 2022

Subject: Evaluation and Strengthening of the Information Technology Environment

In order to mitigate the cyber risks that the banking sector may face, to prevent negative impacts on the safety and continuity of bank operations amid rising cyber threats, and to limit anticipated risks to the banking sector, and based on best standards and practices and our relevant instructions, all banks are required to provide the Palestine Monetary Authority with a report and a corrective action timeline by no later than December 31, 2022, regarding:

  1. Implementing solutions to protect the bank from DDoS attacks and ensuring that encryption keys are not used outside the bank's scope, and notifying the Palestine Monetary Authority of any cloud computing-based solutions or measures adopted or to be adopted in the future for DDoS protection prior to implementation or contracting.
  2. Conducting simulated attack scenarios, particularly DDoS attacks, through specialized companies, measuring the ability to handle them and maintain the continuity of services and systems, and determining the threshold the bank can withstand, following the implementation of DDoS solutions.
  3. Conducting the penetration test stipulated in Article (12), clause (4) of Circular No. (6/2022) regarding the regulation of the information technology environment.
  4. Compliance with the Payment Card Industry Data Security Standard (PCI-DSS) stipulated in Article (12), clause (1) of Circular No. (6/2022) regarding the regulation of the information technology environment.

Supervisory Group
Palestine Monetary Authority


www.pma.ps
Ramallah & Al-Bireh Governorate - Palestine, P.O. Box 452, Phone: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps
Gaza - Palestine, P.O. Box 4026, Phone: +970 8 2825713 | Fax: +970 8 2844447