Comprehensive framework for cybersecurity and resilience across SEBI regulated entities, covering five cyber resiliency goals.
August 23, 2024
This circular outlines the Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs). It supersedes existing cybersecurity circulars and aims to strengthen cyber resilience by providing standards and guidelines. The framework covers five cyber resiliency goals: Anticipate, Withstand, Contain, Recover, and Evolve, linked to cybersecurity functions like Governance, Identify, Protect, Detect, Respond, and Recover. REs are classified into five categories based on operations and thresholds. The framework provides a structured methodology, guidelines, compliance formats, and annexures. It highlights governance, supply chain risk management, data classification, localization, API security, the Security Operations Centre (SOC), and the Software Bill of Materials (SBOM). Smaller REs must establish a SOC through the Market SOC. Compliance timelines, audit requirements, and reporting mechanisms are specified. The framework applies to various REs such as AIFs, brokers, depositories, and mutual funds, and aims to ensure cyber resilience against incidents and attacks.