Skip to content
Schedule a Call
Call Now

IndianCERT Mandates Organizations In India To Report Cybersecurity Breach Incidents Within 6 Hours

Article by Tsaaro

7 min read

Introduction

In the light of rising cyber-attack incidents in the country and during the course of handling cyber incidents and interactions within the constituency, The Indian Computer Emergency Response Team (CERT-In) has identified certain gaps causing hindrance in incident analysis. In order to address these identified gaps & issues and to facilitate incident response measures, CERT-In on 28th April 2022 has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. One of the key directions was that CERT-In mandated that any service provider, body corporate, and government organization must report cyber incidents to it within 6 hours of becoming aware of them. These directions will become effective after 60 days.

As per section 70B of the Information Technology Act of 2000, CERT-In operates as the national agency for performing various functions in the sphere of cyber security in the country. It continuously analyses cyber threats and handles cyber incidents tracked and reported to it and regularly issues advisories to organizations and users to enable them to protect their data, information and ICT infrastructure. It also takes emergency actions in the event of a cyber security incident, and is thus authorized to obtain information from service providers, intermediaries, data centers, and corporate bodies.

The latest CERT-In directives are released with the aim of boosting the country’s overall cyber security posture and providing a safe and trusted internet. It covers aspects relating to synchronization of ICT system clocks, mandatory reporting of cyber incidents, maintenance of logs of ICT systems, subscriber or customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers, KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers.

In the directions, CERT-In stated that it is necessary to issue the following directions to augment and strengthen cyber security in the country in the interests of India’s sovereignty, integrity, defense, security, and public order, to maintain friendly relations with foreign states and to prevent incitement to the commission of any cognizable offense using computer resources.

Let's now take a closer look at this directive:

1. ICT Synchronization:

CERT-In has mandated that all service providers, intermediaries, data centers, body corporate, and government organizations shall connect to the Network Time Protocol (NTP) Server of National Informatics Center (NIC) or National Physical Laboratory (NPL) or with NTP servers traceable to these NTP servers, for synchronization of all their ICT systems clocks.

It further stated that organizations with ICT infrastructure in several geographies may employ accurate and standard time sources other than NPL and NIC, but they must ensure that their time sources do not differ from NPL and NIC.

2. Mandatory reporting of cyber-incidents within 6 hours of their occurrence:

CERT-In also mandated that any service provider, intermediary, data center, body corporate, and government organization must report cyber incidents to it within 6 hours of becoming aware of them or being made aware of them.

These incidents can be reported to CERT-In via email (incident@cert-in.org.in), Phone (1800- 11-4949) and Fax (1800-11-6969) and details regarding methods and formats of reporting cyber security incidents is also published on the website of CERT-In www.cert-in.org.in.

3. Facilitation in cyber security mitigation actions and appointing a point of contact to communicate with CERT -In:

The directions also provide that when CERT-In issues an order or directs action, the service provider, intermediary, data center, or body corporate is required to take action, give information, or provide any other assistance with regards to cyber incident response, protective and preventive actions relating to cyber incidents that may contribute to cyber security mitigation actions and improved cyber security situational awareness.

Furthermore, it states that the above-mentioned providers must designate a Point of Contact to communicate with CERT-In, and that any communications from CERT-In requesting information and offering compliance instructions must be forwarded to the designated Point of Contact.

4. ICT system logs must be enabled and maintained for 180 days:

The directives further specified that all providers must enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days, all of which must be kept within Indian jurisdiction. Details of which should be submitted to CERT-In in conjunction with any incident reporting or when it is ordered or directed by it.

5. Mandatory registration and maintenance of the information for a minimum period of 5 years:

The directive further stated that Data Centers, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network Service (VPN Service) providers must register and keep the information listed below for a period of 5 years or longer, as required by law. The information contains:

a) Validated names of subscribers/customers hiring the services

b) Period of hire including dates

c) IPs allotted to / being used by the members

d) Email address and IP address and time stamp used at the time of registration / on-boarding

e) Purpose for hiring services

f) Validated address and contact numbers

g) Ownership pattern of the subscribers / customers hiring services

6. Mandatory maintenance of Information received through KYC and financial transaction records for a period of 5 years:

In light of the expansion of virtual assets, the directives further stated that in order to provide cyber security in the areas of payments and financial markets for citizens. All information received as part of Know Your Customer (KYC) and records of financial transactions must be maintained for a period of 5 years by virtual asset service providers, virtual asset exchange providers, and custodian wallets.

Get in touch with us to get better equipped to handle Incident Response.

1,204 thoughts on “IndianCERT Mandates Organizations In India To Report Cybersecurity Breach Incidents Within 6 Hours”

  237. su arıtma servisi

    zmir’de güvenilir bir su arıtma servisi bulmak oldukça zor olabiliyor.
    Ancak tavsiyelerle bulduğum bu servis gerçekten kaliteli
    hizmet sunuyor. Arıza ve bakım işlemleri çok hızlı yapıldı!

    İzmir’deki suyun kalitesi bazen sorun olabiliyor, bu yüzden düzenli
    su arıtma cihazı bakımı yaptırmak şart. İzmir su arıtma servisi gerçekten işini profesyonel yapıyor.

    Su arıtma cihazı bakımımı İzmir su arıtma servisi ile yaptırdım ve sonuçtan çok memnunum.
    Ekonomik fiyatlarla harika bir hizmet sundular.

    İzmir gibi büyük bir şehirde güvenilir bir su arıtma servisi bulmak
    çok önemli. Bu servis, hem cihaz kurulumu hem de filtre değişimi konusunda çok hızlı ve
    etkili çalışıyor.

    İzmir su arıtma servisi, hem ürün kalitesi hem de müşteri hizmetleri ile beni
    oldukça memnun etti. Uzman ekibi sayesinde cihazım çok daha
    verimli çalışıyor.

    Su arıtma cihazım için düzenli bakım yaptırmak önemliydi
    ve bu servis gerçekten işinde uzman. Hem filtre değişimi hem de
    cihaz temizliği hızlı bir şekilde tamamlandı.

    Su arıtma servisi arayışındaysanız bu ekibi kesinlikle tavsiye ederim.
    Hem profesyonel hem de çok uygun fiyatlı hizmet sağlıyorlar.

    Arıtma cihazımızın performansı düşmüştü,
    ancak su arıtma servisi sayesinde cihaz adeta yenilendi.
    Suyu artık çok daha berrak ve lezzetli!

    Birçok farklı servis denedikten sonra burayı buldum.
    Su arıtma servisi konusunda gerçekten güvenilir bir adres.
    Hizmet kalitesi oldukça yüksek.

    Evimizde uzun süredir kullandığımız su arıtma cihazı
    için filtre değişimi yaptırdık. Su arıtma servisi ekibi işini özenle yapıyor
    ve detaylı bilgi veriyor.

  401. rpmznglyk

    In order to successfully add a block, Bitcoin miners compete to solve extremely complex math problems that require the use of expensive computers and enormous amounts of electricity. To complete the mining process, miners must be first to arrive at the correct or closest answer to the question. The process of guessing the correct number (hash) is known as proof of work. Miners guess the target hash by randomly making as many guesses as quickly as they can, which requires major computing power. The difficulty only increases as more miners join the network. Fortress Technologies is now Cathedra Bitcoin – read the news release here! It’s worth noting that many cryptocurrencies already use much less energy-intensive processes than Bitcoin’s proof of work. Smaller blockchains like Solana and Avalanche use a security mechanism called proof of stake, which Ethereum Foundation researchers claim reduces energy usage by more than 99% compared to Bitcoin’s system. Ethereum, the second largest blockchain behind Bitcoin, is in the process of switching from proof of work to proof of stake this year.
    https://formulamasa.com/elearning/members/carconfnessta1988/?v=96b62e1dce57
    Shiba Inu (SHIB) ranks 16th on CoinMarketCap in terms of its market capitalization. The overview of the Shiba Inu price prediction for 2023 is explained below with a daily time frame. All investments involve the risk of loss and the past performance of a security or a financial product does not guarantee future results or returns. You should consult your legal, tax, or financial advisors before making any financial decisions. This material is not intended as a recommendation, offer, or solicitation to purchase or sell securities, open a brokerage account, or engage in any investment strategy. The Carolina Hurricanes NHL team are one of the latests professional sports organizations to embrace crypto. Shop their pro shop and use SHIB to buy your Canes gear. Additional pro teams that accept SHIB include The Sacramento Kings (NBA) and Dallas Mavericks (NBA).

  413. advogado de trabalho

    Thank you a lot for sharing this with all of us you really realize what you’re speaking about! Bookmarked. Kindly additionally seek advice from my website =). We may have a link change contract among us!

  415. asset protection

    Just want to say your article is as amazing. The clarity on your post is simply nice and that i could think you’re a professional on this subject. Well together with your permission allow me to seize your RSS feed to keep updated with coming near near post. Thank you 1,000,000 and please carry on the gratifying work.

  821. natural wellness remedies

    It is the best time to make some plans for the longer term and it’s time to be happy. I have learn this put up and if I may I wish to counsel you few attention-grabbing issues or tips. Perhaps you could write subsequent articles referring to this article. I want to read more issues approximately it!

  1096. Donaldfarma

    vibración de motor
    Sistemas de calibración: esencial para el funcionamiento estable y efectivo de las máquinas.

    En el campo de la tecnología moderna, donde la productividad y la seguridad del dispositivo son de gran significancia, los aparatos de calibración desempeñan un papel esencial. Estos dispositivos especializados están concebidos para balancear y regular elementos rotativas, ya sea en maquinaria industrial, automóviles de traslado o incluso en aparatos caseros.

    Para los especialistas en mantenimiento de aparatos y los ingenieros, manejar con equipos de ajuste es fundamental para garantizar el operación fluido y seguro de cualquier sistema dinámico. Gracias a estas opciones tecnológicas avanzadas, es posible minimizar notablemente las sacudidas, el estruendo y la presión sobre los rodamientos, mejorando la longevidad de partes valiosos.

    También trascendental es el papel que tienen los dispositivos de balanceo en la soporte al cliente. El asistencia técnico y el conservación constante empleando estos equipos permiten brindar soluciones de óptima estándar, aumentando la satisfacción de los consumidores.

    Para los titulares de empresas, la aporte en estaciones de equilibrado y medidores puede ser clave para aumentar la efectividad y productividad de sus equipos. Esto es especialmente importante para los inversores que dirigen reducidas y intermedias negocios, donde cada punto vale.

    Además, los sistemas de balanceo tienen una extensa implementación en el sector de la prevención y el supervisión de nivel. Habilitan localizar probables errores, evitando reparaciones onerosas y problemas a los dispositivos. También, los datos extraídos de estos equipos pueden utilizarse para optimizar procedimientos y potenciar la visibilidad en plataformas de consulta.

    Las sectores de aplicación de los equipos de equilibrado incluyen variadas ramas, desde la elaboración de transporte personal hasta el seguimiento del medio ambiente. No influye si se habla de enormes fabricaciones manufactureras o reducidos locales de uso personal, los aparatos de equilibrado son necesarios para garantizar un operación óptimo y sin detenciones.

  1161. toronto airport limo

    Hi there, just turned into alert to your weblog via Google, and found that it’s truly informative. I’m going to be careful for brussels. I’ll appreciate in the event you proceed this in future. A lot of other people shall be benefited from your writing. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *

Eu Ai act
First Rules of the EU AI Act Come into Effect: What Does it Mean?
Tsaaro Consulting

First Rules of the EU AI Act Come into Effect: What Does it Mean?

The evolving digital landscape in the 21st century have placed a challenge for governments and organizations as they attempt to …

March 7, 2025
Digital Personal Data Protection (DPDP) Act
Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  
Tsaaro Consulting

Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  

Introduction  The Digital Personal Data Protection (DPDP) Act, 2023, and the Digital Personal Data Protection Rules, 2025 establish a comprehensive …

February 27, 2025
cybersecurity,
WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 
Tsaaro Consulting

WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 

In today’s interconnected world, cybersecurity plays a crucial role in protecting our digital lives. From protecting personal data to safeguarding …

February 21, 2025
Transfer Impact Assessments
Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 
Tsaaro Consulting

Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 

Introduction  A Transfer Impact Assessment (TIA) is a critical evaluation conducted under the General Data Protection Regulation (GDPR) to assess …

February 20, 2025
Draft DPDP Rules
The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?
Tsaaro Consulting

The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?

Introduction The Digital Personal Data Protection Act (DPDPA), 2023 and the Draft DPDP Rules, 2025 have ushered in a new …

February 12, 2025
Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

© 2024 Tsaaro Consulting. All rights reserved.
Linkedin Instagram Youtube

About Tsaaro

Resources

Other Links

Tsaaro Netherlands Office

Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands

Tsaaro Pune Office

Tech Centre, Rajiv Gandhi Infotech Park, Hinjewadi, Pune, Maharashtra

Tsaaro Noida Office

302, Tower C, ATS Bouquet, Noida Sector – 132, Uttar Pradesh, India

Tsaaro Bengaluru Office I

Manyata, Embassy Business Park, Outer Ring Road, Bengaluru, Karnataka

Tsaaro Bengaluru Office II

Second State, CMH Road, Indiranagar, Bengaluru, Karnataka

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.