SEBI issues new cybersecurity framework

The decision to release the Cybersecurity and Cyber Resilience Framework (CSCRF), which was developed following consultation with stakeholders, can be attributed to the current environment in India, where cyber attacks are increasing, making the overall financial landscape vulnerable. At the same time, the newly issued framework is set to replace the existing cybersecurity circulars and guidelines for the entities regulated by SEBI. When it comes to small regulated entities, the authority underlined that stock exchanges NSE and BSE intend to publish market Security Operation Centres (SOCs) to support them in meeting the requirements imposed by the new framework.

Moreover, it is mentioned that these SOCs are set to offer cybersecurity solutions customised to the needs of small entities, which plans to ensure that they achieve cyber resilience regardless of resources. Also, all regulated entities need to establish suitable security monitoring mechanisms via SOCs. SEBI underlined that the onboarding of SOC can be conducted via a regulated entity’s SOC or market SOC, as well as through any other third-party managed one for constant monitoring of security episodes and timely detection of odd activities.

Additionally, SEBI aims to implement the framework in two phases, with the first one focusing on entities ensuring compliance by January 2025 and the second one by April 2025. After the provided deadlines, regulated entities are assumed to undergo cybersecurity audits considering the CSCRF and submit reports to the authorities within the stipulated timelines.

Source: Link