cybersecurity guidelines: the government publishes new cybersecurity guidelines


Pune: All companies and businesses will be required to report all cyber incidents to the Computer Emergency Response Team India (CERT-In) in accordance with the new guidelines issued under Section 70b of the Computer Act.

This is to coordinate response activities as well as contingency measures regarding cybersecurity incidents, CERT-In said in a statement.

It is mandatory for all service providers, intermediaries, data centers, corporate bodies and government organizations to enable logs of all their ICT systems and maintain them securely for a continuous period of 180 days in Indian jurisdiction. “These should be provided to CERT-In with the reporting of any incident or when commissioned/directed by CERT-In,” per the guidelines. These rules will come into effect 60 days after their publication.

During the management of cyber incidents and interactions with the constituency, CERT-In has identified certain gaps that hinder the analysis of incidents. To address the gaps and issues identified to facilitate incident response measures, CERT-In has issued Instructions for Information Security Practices, Procedure, Prevention, Response and Reporting. cyber incidents under the provisions of subsection (6) of Section 70B. of the Information Technology Act 2000. These instructions will come into effect after 60 days, according to a declaration.

“To effectively combat cybercrime, it is mandatory for all businesses to report cyber incidents to @IndianCERT, New #CyberSecurity Guidelines for a #SafeAndTrusted Internet issued under Section 70b of the IT Act,” the Minister of State said of the Union for Electronics and Computers Rajeev Chandrasekhar on the microblogging platform Twitter.

Other guidelines include synchronization of ICT system clocks, maintenance of ICT system logs; subscriber/customer registration details by data centers, virtual private server (VPS) providers, VPN service providers, cloud service providers; KYC standards and practices by virtual asset service providers, virtual asset exchange providers and depository wallet providers. The list of reportable cyber incidents includes data leaks and breaches, attacks on mobile applications, unauthorized access to computer systems, and identity theft and phishing attacks.

Discover the stories that interest you

Stay on top of tech news and startups that matter. Subscribe to our daily newsletter for the latest must-have tech news, delivered straight to your inbox.
Previous What is clickjacking and how can hackers steal your confidential data? All you need to know
Next Microsoft fixes Azure ExtraReplica bugs that exposed user databases