On April 28, the Indian government’s Computer Emergency Response Team (CERT-In), the cyber response wing of Ministry of Electronics and IT (MeitY), issued a fresh order directing organizations (including service providers, intermediaries, data centers and corporate bodies) to report major security incidents, within six hours after notice.
In a move to improve incident response, protect organizational data/information and ICT infrastructure, the advisory stated: “CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days.”
The report added, “The directions cover aspects relating to synchronization of ICT system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions shall enhance overall cyber security posture and ensure a safe & trusted Internet in the country.”
The rule is said to take effect within sixty days post the order’s release.
