SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF)

The Cybersecurity and Cyber Resilience Framework (CSCRF) is the new framework for SEBI-regulated entities to improve cyber security and cyber resilience. CSCRF is a standards-based framework and broadly covers the five cyber resiliency goals, i.e. 1. Anticipate, 2. Withstand, 3. Contain, 4. Recover, and 5. Evolve, which are directly adopted from the CERT-In Cyber Crisis Management Plan (CCMP) for countering Cyber Attacks and Cyber Terrorism.

Under this framework, registered entities will be graded into five categories based on various parameters: Market Infrastructure Institutions (MIIs); Qualified REs; Mid-size REs; Small-size REs; and self-certification REs.

The CSCRF framework may give the following benefits to entities:

1. Cyber Risk Governance and Management Framework

2. Data classification and localization: To set up robust security controls for data generated / managed / processed by REs, CSCRF classifies data in two categories: ‘Regulatory Data’ and ‘IT and Cybersecurity Data’. While ‘Regulatory Data’ is mandatorily localized, dispensation for ‘IT and Cybersecurity Data’ for offshoring has been given with suitable guardrails.

3. Implementation of the Security Operations Centre (SOC) and measuring its efficacy periodically

4. Guidelines for API security and mobile application security

5. Cyber Capability Index (CCI) to assess cyber resilience

6. Software Bill of Materials (SBOM) to mitigate supply chain risks

Date of Compliance: These new standards and practices will need to be adopted by five categories of entities that already have the regulator-prescribed cybersecurity and resilience structures in place by January 1, 2025; and by other entities by April 1, 2025.

The framework is applicable to SEBI-regulated entities.

Typically, merchant bankers, stock brokers, bankers to issues, debenture trustees, portfolio managers, DPs, registrars to issues, share transfer agents, etc. are the entities regulated by SEBI.


Cyber Security Assurance Services series by Adv (Dr.) Prashant Mali


Atul Juvle

Consulting GC, Board Member & Sr. GRC Advisor.

5 months

Thank you for sharing crisp and clear

Madhav Chablani

Consulting CIO | Intrapreneur | Mentor | Fintech, Healthtech, Cloud Security | Advisor, Architect, Analyst & Auditor

5 months

Seems this is approved by board, but yet to be released. In case you have copy or source, kindly send me link.

Ganesh Balaraman, CISSP

Vice President & Head - Enterprise Security, AI, Cloud

5 months

Well Done Prashant. Good coverage.

Arjun Bhaskaran

Vice President - Cyber, Data Protection

5 months

Adv (Dr.) Prashant Mali [MSc(Comp Sci), LLM, Ph.D.] Thank you. Has been in the works for long. Set to have transformational impact, with DPDP in the wings.
