As per CERT-In mandatory cyber security guidelines, companies shall maintain ICT logs for 180 days and report cyber incidents to CERT-In within 6 hours.
The Indian Computer Emergency Response Team (CERT-In) announced mandatory new cyber security guidelines on 28 April 2022 for all service providers, intermediaries, data centres, body corporates and Government organizations. Failure to furnish the information, or non-compliance with these directions, may invite punitive action under sub-section (7) of section 70B of the IT Act, 2000, and other laws as applicable.
All service providers, intermediaries, data centres, body corporates and Government organizations are mandated to enable the logs of all their ICT systems and to maintain them securely for a rolling period of 180 days. These logs shall be maintained within Indian jurisdiction.
| Security infrastructure | Network infrastructure | Server infrastructure |
|---|---|---|
| Endpoint protection (EDR, AV) | Routers (via syslog server) | Windows server |
| Firewalls | Switches (via syslog server) | Linux server |
| Active Directory | | Web server |
| Web Proxy | | DNS server |
| Network IDS / IPS | | IaaS |
| Authentication | | AWS |
| DLP solution | | Azure |
| | | GCP |
Any service provider, intermediary, data centre, body corporate or Government organization shall mandatorily report the cyber incidents listed in Annexure I to CERT-In within 6 hours of noticing such incidents or of being brought to notice about such incidents.
| Types of cyber security incidents mandatorily to be reported |
|---|
| Compromise of critical systems/information |
| Unauthorised access of IT systems/data |
| Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external |
| Attack on servers such as Database, Mail and DNS and network devices such as Routers |
| Identity Theft, spoofing and phishing attacks |
| Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks |
| Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks |
| Attacks on Applications such as E-Governance, E-Commerce etc. |
| Data Breach |
| Data Leak |
| Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers |
| Attacks or incidents affecting Digital Payment systems |
| Unauthorised access to social media accounts |
| Attacks or malicious/suspicious activities affecting Cloud computing systems/servers/software/applications |
| Attacks or malicious/suspicious activities affecting systems/servers/networks/software/applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones |
Positka specializes in high-end technology solutions that help businesses improve their IT infrastructure through advanced security protocols, excellence in analytics, streamlined IT operations, and around-the-clock managed services.