SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF)
Adv (Dr.) Prashant Mali [MSc(Comp Sci), LLM, Ph.D.]
Cyber Law, Cyber Security, Privacy & AI Thought Leader, Practicing International Lawyer, Author, Researcher, Board Member, Keynote Speaker on Cyber, Privacy, AI & Cyber Public Policy Influencer and TV Personality
The Cybersecurity and Cyber Resilience Framework (CSCRF) is the new framework for SEBI-regulated entities to improve cyber security and cyber resilience. CSCRF is a standards-based framework and broadly covers the five cyber resiliency goals, i.e. 1. Anticipate, 2. Withstand, 3. Contain, 4. Recover, and 5. Evolve, which are directly adopted from the CERT-In Cyber Crisis Management Plan (CCMP) for countering cyber attacks and cyber terrorism.
Under this framework, registered entities will be graded into five categories based on various parameters: Market Infrastructure Institutions (MIIs); Qualified REs; Mid-size REs; Small-size REs; and self-certification REs.
The CSCRF framework may give the following benefits to entities:
1. Cyber Risk Governance and Management Framework
2. Data classification and localization: To set up robust security controls for data generated / managed / processed by REs, CSCRF classifies data in two categories: ‘Regulatory Data’ and ‘IT and Cybersecurity Data’. While ‘Regulatory Data’ is mandatorily localized, dispensation for offshoring ‘IT and Cybersecurity Data’ has been given with suitable guardrails.
3. Implementation of the Security Operations Centre (SOC) and measuring its efficacy periodically
4. Guidelines for API security and mobile application security
5. Cyber Capability Index (CCI) to assess cyber resilience
6. Software Bill of Materials (SBOM) to mitigate supply chain risks
Date of Compliance: These new standards and practices will need to be adopted by five categories of entities that already have the regulator-prescribed cybersecurity and resilience structures in place by January 1, 2025; and by other entities by April 1, 2025.
The framework is applicable to SEBI-regulated entities.
Typically, these are merchant bankers, stock brokers, bankers to issues, debenture trustees, portfolio managers, DPs, registrars to issues, share transfer agents, etc.
Cyber Security Assurance Services series by Adv (Dr.) Prashant Mali
Consulting GC, Board Member & Sr. GRC Advisor.
5 months ago: Thank you for sharing crisp and clear
Consulting CIO | Intrapreneur | Mentor | Fintech, Healthtech, Cloud Security | Advisor, Architect, Analyst & Auditor
5 months ago: Seems this is approved by board, but yet to be released. In case you have copy or source, kindly send me link.
Vice President & Head - Enterprise Security, AI, Cloud
5 months ago: Well done, Prashant. Good coverage.
Vice President - Cyber, Data Protection
5 months ago: Adv (Dr.) Prashant Mali [MSc(Comp Sci), LLM, Ph.D.] Thank you. Has been in the works for long. Set to have transformational impact, with DPDP in the wings.
Vice President - Cyber, Data Protection
5 months ago: Adv MS Anilkumar