CERT-IN Directions on Information Security Reporting
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology (MeitY), directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet, issued directions to
- Service providers
- Data centers
- Body corporate
- Government organizations
Requires to report cyber incidents (20 incident types) within 6 hours of noticing such incidents or being brought to notice about such incidents to CERT-IN. Directive comes in to effect on 27th June 2022.
Also required to furnish any type of information asked for, by CERT-IN within stipulated time, failure to provide details could result to punitive action under any applicable laws and section 70B (7) of the IT act, whereby any non-compliance with the provisions of section 70B (6) of the IT Act attracts punishment or imprisonment up to 1 year or a fine up to 1,00,000/- or both.
In a nutshell, following are the key actionable customers must review and take to ensure that the organization is ready to comply with the directions from CERT-IN.
|Requirement||Customer Actions Required|
|(i)All service providers, intermediaries, data centers, body corporate and Government organizations shall connect to the Network Time Protocol (NTP) Server of National Informatics Centre (NIC) or National Physical Laboratory (NPL) or with NTP servers traceable to these NTP servers, for synchronization of all their ICT systems clocks. Entities having ICT infrastructure spanning multiple geographies may also use accurate and standard time source other than NPL and NIC, however it is to be ensured that their time source shall not deviate from NPL and NIC||Integrate with NTP Servers of NIC or the infrastructure mentioned in the Directions.|
|(ii) Any service provider, intermediary, data centre, body corporate and Government organisation shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents.||Implement a Security Operations Center and ensure that the type of incidents mentioned in the Direction is covered under SOC monitoring.|
|(iii) The service providers, intermediaries, data centres, body corporate and Government organisations shall designate a Point of Contact to interface with CERT-ln. The Information relating to a Point of Contact shall be sent to CERT-In. All communications from CERT-In seeking information and providing directions for compliance shall be sent to the said Point of Contact.||Designate a Point of Contact from your organization to interact with CERT-IN|
|(iv)All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days and the same shall be maintained within the Indian jurisdiction. These should be provided to CERT-In along with reporting of any incident or when ordered / directed by CERT-ln.||Ensure Logging of Systems and storage of logs for 180 days|
|(v)Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer||Ensure logging of data and minimum retention of 5 years.|
What Customers Should Do?
We recommend customers to undertake following actions:
- Review critical assets of your organization and status of integration with SOC
- Verify that logs required to detect security incidents as per CERT-IN directions
- Ensure that critical logs are enabled on your assets and is integrated with SOC
- Review additional monitoring requirements such as Mobile Risks, if applicable
- Nominate a person to interact with Cert-IN who understands requirements
What CyberNX can do for you?
CyberNX through Peregrine SOC continues can monitor infrastructure, cloud and applications for Cyber Security incidents and alert any potential incidents or anomalies. CyberNX can also assist customers to setup the log aggregation and storage requirement of 180 days. Customers can consider following services from CyberNX:
- Implement a Security Operations Center (SOC) and address security reporting requirements as required in the CERTIN Circular
- Setup a Brand risk / Digital risk monitoring service to identify phishing domains, fake domains and fake mobile applications and take them down.
- Setup a log aggregation and storage mechanism to address 180 days of log storage requirements.