CERT-IN Directions on Information Security Reporting

The Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology (MeitY), has issued directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet. The directions are issued to:

  • Service providers
  • Intermediaries
  • Data centers
  • Body corporate
  • Government organizations

These entities are required to report cyber incidents (20 incident types) to CERT-IN within 6 hours of noticing such incidents or being brought to notice about such incidents. The directive comes into effect on 27th June 2022.

They are also required to furnish any type of information asked for by CERT-IN within the stipulated time. Failure to provide details could result in punitive action under any applicable laws and section 70B (7) of the IT Act, whereby any non-compliance with the provisions of section 70B (6) of the IT Act attracts punishment or imprisonment up to 1 year or a fine up to 1,00,000/- or both.

In a nutshell, the following are the key actions customers must review and take to ensure that the organization is ready to comply with the directions from CERT-IN.

| Requirement | Customer Actions Required |
| --- | --- |
| (i) All service providers, intermediaries, data centers, body corporate and Government organizations shall connect to the Network Time Protocol (NTP) Server of National Informatics Centre (NIC) or National Physical Laboratory (NPL) or with NTP servers traceable to these NTP servers, for synchronization of all their ICT systems clocks. Entities having ICT infrastructure spanning multiple geographies may also use accurate and standard time source other than NPL and NIC, however it is to be ensured that their time source shall not deviate from NPL and NIC. | Integrate with NTP Servers of NIC or the infrastructure mentioned in the Directions. |
| (ii) Any service provider, intermediary, data centre, body corporate and Government organisation shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents. | Implement a Security Operations Center and ensure that the type of incidents mentioned in the Direction is covered under SOC monitoring. |
| (iii) The service providers, intermediaries, data centres, body corporate and Government organisations shall designate a Point of Contact to interface with CERT-In. The Information relating to a Point of Contact shall be sent to CERT-In. All communications from CERT-In seeking information and providing directions for compliance shall be sent to the said Point of Contact. | Designate a Point of Contact from your organization to interact with CERT-IN. |
| (iv) All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days and the same shall be maintained within the Indian jurisdiction. These should be provided to CERT-In along with reporting of any incident or when ordered / directed by CERT-In. | Ensure logging of systems and storage of logs for 180 days. |
| (v) Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer | Ensure logging of data and minimum retention of 5 years. |

What Customers Should Do?

We recommend that customers undertake the following actions:

  • Review critical assets of your organization and status of integration with SOC
  • Verify the logs required to detect security incidents as per CERT-IN directions
  • Ensure that critical logs are enabled on your assets and are integrated with SOC
  • Review additional monitoring requirements such as Mobile Risks, if applicable
  • Nominate a person to interact with CERT-IN who understands requirements

What CyberNX can do for you?

CyberNX, through Peregrine SOC, can continuously monitor infrastructure, cloud and applications for cyber security incidents and alert on any potential incidents or anomalies. CyberNX can also assist customers in setting up the log aggregation and storage requirement of 180 days. Customers can consider the following services from CyberNX:

  • Implement a Security Operations Center (SOC) and address security reporting requirements as required in the CERT-IN Circular
  • Set up a Brand risk / Digital risk monitoring service to identify phishing domains, fake domains and fake mobile applications and take them down.
  • Set up a log aggregation and storage mechanism to address 180 days of log storage requirements.


FAQs for CERT-IN Directions on Information Security Reporting

The Indian Computer Emergency Response Team (CERT-In) is the country's official agency for responding to cyber security crises and taking preventative steps to avoid them. In accordance with the requirements of Section 70B (1) of The Information Technology Act of 2000, CERT-In has been appointed by the Central Government by notice dated October 27, 2009. (IT Act, 2000)
  • Collection, analysis and dissemination of information on cyber incidents.
  • Forecast and alerts of cyber security incidents.
  • Emergency measures for handling cyber security incidents.
  • Coordination of cyber incident response activities.
  • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
  • Such other functions relating to cyber security as may be prescribed.
The number of Indians who have access to the Internet and utilise it for business, education, banking, and a wide range of other applications and services, including digital government services, is expected to reach over 120 billion in the next few years. The Internet has experienced an increase in creativity, but at the same time, crimes, user injury, and other issues with online safety have increased.
CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
The Ministry of Electronics and Information Technology is responsible for CERT-In. The Information Technology (Amendment) Act of 2008 recognised CERT-In as a statutory organisation to act as the country's agency for cyber security. proactive involvement in cyberspace security in India.
A Computer Emergency Response Team (CERT) is a team of information security professionals that protects against, detects, and responds to an organization's cybersecurity issues.
The national nodal agency for reacting to events involving computer security is CERT-In, a functional division of the Ministry of Communications & Information Technology of the Government of India.
The Community Emergency Response Team (CERT) Program instructs individuals in basic disaster response techniques, such as fire safety, light search and rescue, team organisation, and disaster medical operations, and raises their awareness of disaster readiness for threats that might affect their region.
Any information security compromise, breach, attempt, security vulnerability, breach of security rules or guidelines, leak, or unauthorised access to data or systems must be reported to NIC-CERT promptly upon discovery, and NIC-CERT will address it.
An organisational framework enables CERT leaders and members to respond with more effectiveness and focus. The team's safety is aided by a management structure and accountability system. Additionally, organisation improves the efficiency of information management, communication, and activity documentation.
