DORA Regulation

18 rules checking EU Digital Operational Resilience Act (2022/2554) compliance for financial entities. DORA establishes uniform requirements for the security of network and information systems supporting business processes in the financial sector.

Rule ID	Severity	DORA Reference	Category	Summary
DORA-NET-001	HIGH	Art. 9(3)(a)	Insecure Protocols	Unencrypted protocol detected
DORA-NET-002	CRITICAL	Art. 7(1)	Deprecated Protocols	Deprecated or broken protocol detected
DORA-NET-010	CRITICAL	Art. 9(4)(b), Art. 9(4)(c)	Overly Permissive	Any-to-any unrestricted traffic
DORA-NET-011	CRITICAL	Art. 9(4)(c)	Overly Permissive	Overly broad source address
DORA-NET-012	CRITICAL	Art. 9(4)(c)	Overly Permissive	Overly broad destination address
DORA-NET-013	CRITICAL	Art. 9(4)(c)	Overly Permissive	All ports or wide port range allowed
DORA-NET-014	HIGH	Art. 9(2)	Overly Permissive	All protocols (ANY) allowed
DORA-NET-020	CRITICAL	Art. 9(4)(c)	Network Segmentation	Direct internet-to-internal access
DORA-NET-021	CRITICAL	Art. 9(4)(c)	Database Exposure	Database ports exposed from broad source
DORA-NET-030	CRITICAL	Art. 9(4)(c)	Remote Access	Remote admin from external without VPN
DORA-NET-031	HIGH	Art. 9(4)(c)	Administrative Access	Admin protocols from broad sources
DORA-NET-032	HIGH	Art. 9(4)(c), Art. 28(5)	Third-Party ICT	Third-party ICT access from overly broad source
DORA-NET-033	CRITICAL	Art. 9(4)(c)	Financial Messaging	Financial messaging infrastructure ports exposed
DORA-NET-034	CRITICAL	Art. 9(4)(c)	Container Exposure	Container/orchestration APIs exposed
DORA-NET-035	CRITICAL	Art. 9(4)(c)	Risky Service Exposure	High-risk service from broad source
DORA-NET-036	MEDIUM	Art. 9(2)	DNS and Covert Channels	DNS as covert channel from internal segment
DORA-NET-037	CRITICAL	Art. 9(4)(b)	ICS/SCADA Isolation	ICS/SCADA protocols crossing zone boundaries
DORA-NET-038	MEDIUM	Art. 9(2)	Rule Documentation	No application name or business justification

NIS2 Directive MITRE ATT&CK