CERT-In releases comprehensive cybersecurity guidelines

In 2023, CERT-In issued guidelines on information security practices for government entities

With Information and Communication Technologies (ICT) now entrenched in
almost every facet of service delivery and operations, continuously evolving
cyber threats have become a concern for the Indian government. To protect ICT against cyber threats, the Indian Computer Emergency Response Team (CERT-In), recently issued guidelines on Information Security practices for government entities in-line with the Government of India’s objective to ensure that digital nagriks experience a safe and trusted internet. These guidelines serve the following purposes:

• Establish a prioritised baseline for cybersecurity measures and controls, within government organisations and their associated entities.     
• Assist security teams to implement baseline, and essential controls and procedures to protect their infrastructure from prominent threats.
• Act as a foundational document for administration and audit teams (internal, external/ third-party auditors).

Download the POV to learn more about the key highlights of the new CERT IN guidelines to outline specific best practices and procedures.

In 2022, CERT-In issued guidelines for reporting cyber incidents in India

The rapid pace of India’s digitalisation poses new security risks, as developments in emerging technologies is making an impact in various sectors. The multilayered digital ecosystem comprising infrastructure, technologies, applications, and devices is complex, and cybersecurity incidents are evolving at a breakneck pace.

Given this background, the Indian Computer Emergency Response Team (CERT-IN) issued a directive on 28 April 2022 mandating that all cybersecurity incidents need to be reported to CERT-IN within six hours from incident
identification/notification. Going forward, this new directive will help organisations strengthen their cybersecurity posture.

The CERT-IN directive is all set to become a law from 27 June 2022. Thesenew directives, released jointly by MeitY and CERT-IN to augment, carry out analysis, and investigate cyber incidents, falls under Sub-section (6) of Section 70B of the Information Technology Act, 2000.

Download the POV to learn more about the key highlights of the CERT IN directive for organisations to be cyber ready, to protect its people, infrastructure, and data.