Here’s the best way to prep your IT infrastructure and manpower for these new cybersecurity directives
12.67 lakh was the number of Cyber Attacks registered in India till November 2022. With this severity there was a rising need of stringent directives and guidelines in order to enhance and strengthen the cyber security of the country. It was on 28th April 2022 when the Computer Emergency Response Team (CERT-In), a department working under the Ministry of Electronics and Information Technology (MeitY), issued new policies and procedures under subsection (6) of section 70B of the Information Technology Act, 2000, relating to information security practices, procedures, prevention, response and reporting of cyber incidents for Safe & Trusted Internet. This was in line with the directive to enhance and improve cyber security in the country. The directions were to be effective from 60 days from the date of the issue of the guidelines.
Following are some of the major requisites mentioned in the guidelines
Time Clock Synchronization to NTP servers of NIC
All the service providers, Data Centers, intermediaries, government organizations, and body corporates in India shall compulsorily connect and synchronize their time with either the Network Time Protocol (NTP) server of the National Informatics Center (NIC) or the National Physical Laboratory (NPL), or with servers traceable to these NTP servers.
Cyber Incidents Reporting Within 6 Hours to CERT-In
In case of incidents all the service providers, intermediary, Data Center Government Organization, or a body corporate will here on have an obligation to report these incidents within 6 hours of noticing or being brought to notice about such incidents via email, phone or fax.
Single POC to Communicate with CERT-In
The service providers, intermediary, Data Center, Government Organization, or a body corporate must designate a single point of contact to interface with CERT-In, who when ordered or directed by CERT-In must take action or provide information or any similar assistance in a defined format to CERT-In that will contribute towards cyber security mitigation actions and enhanced cyber security situational awareness.
Maintain 180 Days Logs
It will be mandatory for all service providers, intermediaries, Data Centers, body corporate, and Government organisations to securely maintain logs of their ICT systems for a rolling period of 180 days within the Indian jurisdiction.