2022 CERT-In Mandatory Guidelines for Security Breaches


CERT-In’s New and Mandatory Directives for Security Incidents

The Indian Computer Emergency Response Team (CERT-In) has caused quite a stir with the announcement of its new and mandatory cyber security guidelines (announced on 28 April 2022) for all service providers, data centres, VPS providers, cloud service providers, VPN service providers, and government organisations. Failing to conform to the directives shall invite disciplinary action under sub-section (6) of section 70B of the Information Technology (IT) Act, 2000 and other disciplinary laws as applicable.

CERT-In’s Directives for Organizations

180-day ICT systems’ log retention

According to the new CERT-In guidelines, all service providers, data centres, intermediaries, body corporates and Government organisations are now mandated to enable logging on all of their Information and Communications Technology (ICT) systems and to maintain those logs in a secure manner for a period of 180 days (approximately 6 months).

Under the new CERT-In directive, all virtual private server providers, virtual private network service providers, data centres, and cloud service providers are required to register and retain subscriber information such as validated names of users/subscribers, validated contact numbers and addresses, etc. for a period of 5 years or longer.

Further, the directive mandates all virtual asset exchange providers, virtual asset service providers and custodian wallet providers to maintain all Know Your Customer (KYC) information and records of all financial transactions for a period of 5 years.

Log sources to retain include the following:

  • Security Infrastructure: Endpoint Detection & Response (EDR); Active Directory & Firewall; Network IDS / IPS; Web Proxy; Data Loss Prevention (DLP) solution; Authentication
  • Server Infrastructure: Windows server; Web server; DNS server; Linux server
  • Network Infrastructure: Switches (via Syslog server); Routers (via Syslog server)
  • Infrastructure-as-a-Service (IaaS): Microsoft Azure; Amazon Web Services (AWS); Google Cloud Platform (GCP)
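The retention requirement above is a minimum window, not a ceiling: an auditor will ask whether every in-scope source has logs for each of the last 180 days and whether those logs are intact. The following Python script is an added example (not code from the page, from CERT-In or from Futurism Technologies) of such a retention audit. It assumes an archive convention that is not stated on the page: one file per source per day named `<source>-YYYY-MM-DD.log`, plus a manifest of SHA-256 digests recorded when each file was sealed. The sample archive it builds is constructed for illustration.

```python
import hashlib
import re
from datetime import date, timedelta

RETENTION_DAYS = 180  # minimum retention period in the CERT-In directive

# Assumed archive naming convention (not from the page): <source>-YYYY-MM-DD.log
NAME_RE = re.compile(r"^(?P<source>[a-z0-9_-]+)-(?P<day>\d{4}-\d{2}-\d{2})\.log$")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_retention(archive, manifest, today, retention_days=RETENTION_DAYS):
    """Check a log archive against the retention window ending today.

    archive:  {filename: file contents (bytes)}
    manifest: {filename: sha256 hex digest recorded when the file was sealed}
    Returns a report with, per source, the days inside the window that have no
    log file, plus files whose digest no longer matches the manifest (tampered),
    files that were never sealed (unsealed) and files older than the window (expired).
    """
    window_start = today - timedelta(days=retention_days - 1)  # window includes today
    expected_days = {window_start + timedelta(days=i) for i in range(retention_days)}
    seen = {}
    tampered, unsealed, expired = [], [], []
    for name, data in archive.items():
        m = NAME_RE.match(name)
        if not m:
            continue  # not a daily log file; ignored by this audit
        day = date.fromisoformat(m["day"])
        if day < window_start:
            expired.append(name)  # beyond the mandatory window; eligible for purge
            continue
        if day > today:
            continue  # future-dated file, not part of the window
        seen.setdefault(m["source"], set()).add(day)
        if name not in manifest:
            unsealed.append(name)
        elif sha256_hex(data) != manifest[name]:
            tampered.append(name)
    missing_days = {
        src: sorted(d.isoformat() for d in expected_days - days)
        for src, days in seen.items()
    }
    compliant = not any(missing_days.values()) and not tampered and not unsealed
    return {
        "missing_days": missing_days,
        "tampered": sorted(tampered),
        "unsealed": sorted(unsealed),
        "expired": sorted(expired),
        "compliant": compliant,
    }


def build_sample_archive(today):
    """Constructed sample: 200 days of firewall logs with a two-day shipping gap
    and one file edited after it was sealed."""
    archive, manifest = {}, {}
    for i in range(200):
        if i in (10, 11):
            continue  # simulated collector outage: these two days were never archived
        day = today - timedelta(days=i)
        name = f"firewall-{day.isoformat()}.log"
        data = f"{day.isoformat()} firewall deny src=198.51.100.7\n".encode()
        archive[name] = data
        manifest[name] = sha256_hex(data)
    edited = f"firewall-{(today - timedelta(days=30)).isoformat()}.log"
    archive[edited] = b"edited after sealing\n"  # digest no longer matches the manifest
    return archive, manifest


def audit_sample(today_iso):
    """Run the audit over the constructed sample for the given date (ISO string)."""
    today = date.fromisoformat(today_iso)
    archive, manifest = build_sample_archive(today)
    return audit_retention(archive, manifest, today)


if __name__ == "__main__":
    import json
    print(json.dumps(audit_sample("2022-10-25"), indent=2))
```

Files older than the window are only listed, not counted against compliance, because the directive sets a minimum retention period; gaps inside the window and digest mismatches are what make the report non-compliant. In a real deployment the manifest would be stored on a separate, write-once system so that an attacker who can edit the archive cannot also rewrite the recorded digests.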

Mandatory 6-hour reporting of Security Incidents

As per CERT-In’s new release, all service providers, data centres, intermediaries, body corporates and Government organisations must mandatorily report the cyber incidents listed in Annexure I to CERT-In within 6 hours of noticing a breach or attack.

Types of cyber security incidents that need to be mandatorily reported to CERT-In

  • Targeted scanning and/or probing of critical systems/networks
  • Critical data or system compromise
  • Unauthorised access to IT systems/data
  • Attack on website or malware intrusion through malicious code, infected links etc.
  • Attack on servers such as Mail, Database and DNS and network devices such as Routers
  • Identity Theft, web jacking, spoofing and phishing attacks
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Attacks on Critical Infrastructure, SCADA and operational technology systems and Wireless networks
  • Attacks on Applications such as E-Governance, E-Commerce etc.
  • Data Breach and Data Leak
  • Attacks on Internet of Things (IoT) devices and associated systems, networks, software and servers
  • Attacks or incidents affecting Digital Payment systems/gateways
  • Unauthorised access and hacking of social media accounts
  • Attacks or malicious/unusual activities affecting Cloud systems, servers, software and applications
  • Attacks or malicious/abnormal activities affecting servers, systems, networks, applications, and software related to Blockchain, Big Data, virtual assets, virtual asset exchanges, Robotics, 3D and 4D Printing, custodian wallets, Drones, additive manufacturing, etc.
  • Malicious/suspicious activities or attacks affecting servers, systems, software and applications related to Artificial Intelligence (AI) and Machine Learning (ML).

Our CERT-In Compliant Cyber Security Offerings

CERT-In Essentials

    A comprehensive log management offering to meet CERT-In’s 180-day log retention requirement:

  • Leverage IBM’s industry-leading threat intelligence platform and tools, including IBM QRadar, IBM Watson AI, IBM X-Force, IBM MaaS360, IBM Verify Access, IBM Guardium and more, used by 100+ customers

  • Flexible SLAs, deployment and engagement models

  • Competitive pricing to fit your budget and compliance needs

  • Faster TTV (time to value), comply in as soon as 2-3 weeks

  • Better interoperability and reduced TCO


CERT-In Advanced

    To meet CERT-In’s incident monitoring and reporting requirement; includes everything in CERT-In Essentials, plus the following:

  • Powerful SIEM for real-time log management and security log monitoring

  • Deploy a powerful security framework to operate on integrated log data

  • Generate notifications and alerts for potential incidents

  • Leverage intelligent querying and dashboarding capabilities for investigations (IBM Watson AI)

  • Leverage integrated and smart ticketing capabilities for incident and log management

  • Monitor log-in attempts and report discrepancies in real-time

  • Consolidate logs on a centralized server

  • Deploy powerful security controls over logs with role-based access control & file integrity monitoring

  • Ensure prompt cyber incident response (powered by IBM QRadar and intelligence feeds from IBM X-Force)


CERT-In Prime

    Get maximum ROI on CERT-In security compliance; includes everything in CERT-In Advanced, plus the following:

  • Deploy Linux/Windows server monitoring use cases

  • Deploy powerful network device monitoring use cases

  • Deploy Azure/Amazon/GCP monitoring use cases and more

Futurism Technologies is a leading and trusted IBM Global Security Solutions Partner with a state-of-the-art and fully equipped C-SOC (SOC 2 Type 2 Compliant) that offers CERT-In compliant cyber security services to organisations across the country.