In order to strengthen the cybersecurity measures in Indian securities market, and to ensure adequate cyber resiliency against cybersecurity incidents/ attacks, Securities and Exchange Board of India (SEBI) has released the Cybersecurity and Cyber Resilience Framework (CSCRF). The CSCRF aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity of SEBI regulated entities (REs). This framework shall supersede existing SEBI cybersecurity circulars/ guidelines/ advisories/ letters.
REs shall put in place appropriate systems and procedures to ensure compliance with the provisions of CSCRF, and conduct cyber audit. Cyber audit reports along with other required documents shall be submitted as per timelines provided in the CSCRF.
The CSCRF is standards based and broadly covers the five cyber resiliency goals adopted from Cyber Crisis Management Plan (CCMP) of Indian Computer Emergency Response Team (CERT-In)- Anticipate, Withstand, Contain, Recover, Evolve. These cyber resiliency goals have been linked with the following cybersecurity functions - Governance, Identify, Protect, Detect, Respond, Recover.
