On August 20th, 2024, the Securities and Exchange Board of India (SEBI) released the Cybersecurity and Cyber Resilience Framework (CSCRF) to SEBI-regulated entities (REs) to enhance the current cybersecurity measures in the Indian securities market and strengthen the mechanism for dealing with cyber risks or threats.
The CSCRF aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity of SEBI REs. The CSCRF framework shall supersede existing SEBI cybersecurity circulars/ guidelines/ advisories/ letters.
The CSCRF is standards-based and broadly covers the five cyber resiliency goals adopted from the Cyber Crisis Management Plan (CCMP) of the Indian Computer Emergency Response Team (CERT-In): Anticipate, Withstand, Contain, Recover, and Evolve. These cyber resiliency goals have been linked with the following cybersecurity functions: Governance, Identify, Protect, Detect, Respond, and Recover.
The CSCRF is structured into four parts:
The framework shall apply to the following REs and also further sub classifies the REs into different categories based on their operational scale, number of clients, trade volume, and assets under management, and provides for specific compliance requirements for each category.
Explore solutions for CSCRF compliance by addressing cybersecurity function guidelines of Governance, Identity and Protect in the framework.
Thales can help REs comply with CSCRF by addressing cybersecurity function guidelines of Governance, Identity and Protect in the framework.
We provide solutions in three key areas of cybersecurity: Application Security, Data Security, and Identity & Access Management.
Protect applications and APIs at scale in the cloud, on-premises, or in a hybrid model. Our market leading product suite includes Web Application Firewall (WAF), protection against Distributed Denial of Service (DDoS) and malicious BOT attacks, security for APIs, a secure Content Delivery Network (CDN), and Runtime Application Self-Protection (RASP).
Discover and classify sensitive data across hybrid IT and automatically protect it anywhere, whether at rest, in motion, or in use, using encryption tokenization and key management. Thales solutions also identify, evaluate, and prioritize potential risks for accurate risk assessment as well as identify anomalous behavior, and monitor activity to verify compliance, allowing organizations to prioritize where to spend their efforts.
Provide seamless, secure and trusted access to applications and digital services for customers, employees and partners. Our solutions limit the access of internal and external users based on their roles and context with granular access policies and Multi-Factor Authentication that help ensure that the right user is granted access to the right resource at the right time.
SafeNet Authentication Service Private Cloud Edition (PCE) is a cost-effective, easy-to-use on-premises authentication platform that offers over 200 pre-tested configurations, supports third-party solutions, and offers diverse token types.
CipherTrust Data Discovery & Classification (DDC) identifies and classifies data across various data stores, enhancing data privacy and security by managing assets across on-premises, hybrid, cloud, and multi-cloud environments.
Imperva Data Security Fabric Data Activity Monitoring (DAM) enables REs to identify risks related to critical data by continuously monitoring data store activity, providing detailed audit trails.
Imperva Data Security Fabric Data Activity Monitoring (DAM) streamlines auditing across various platforms, including relational, NoSQL, mainframe, big data, and data warehouses, and supports Microsoft Azure and AWS, capturing detailed data activity automatically.
Thales Luna HSMs and High-speed Encryptors provide a crypto-agile approach to ensure PQC readiness for REs.
PQC starter kit enables REs to safely test quantum-safe solutions in a trusted environment, partnering with Quantinuum to set up a Luna HSM for PQC-ready keys.
Imperva Web Application Firewall (WAF) offers comprehensive security for web applications, detecting and preventing cyber threats. It blocks attacks in real-time and updates rules daily.
Imperva Data Security Fabric Data Risk Analytics monitors data access and activity, providing visibility for all users. It uses deep domain security expertise and machine learning to identify suspicious behaviors.
SafeNet Authentication Service Private Cloud Edition (PCE) allows organizations to limit access to confidential resources and supports third-party solutions via SAML, RADIUS, Agents, or APIs.
Imperva Web Application Firewall (WAF) offers comprehensive web application security, detecting and preventing cyber threats like cross-site scripting and illegal resource access. It blocks attacks in real time, with daily updates from the threat research team.
Imperva API Security provides full API visibility, automatically discovering endpoints and assessing risks. It classifies sensitive APIs using call data, enabling proactive security measures. Continuous monitoring promotes faster, secure software releases, available as an add-on or part of API Security Anywhere offering.
CipherTrust Transparent Encryption offers continuous file-level encryption, centralized key management, and privileged user access control, ensuring unauthorized access in physical, virtual, and cloud environments, ensuring seamless implementation.
CipherTrust Enterprise Key Management enhances key management in cloud and enterprise environments, providing high security and centralization for home-grown encryption and third-party applications using FIPS 140-2-compliant virtual or hardware appliances.
SafeNet Authentication Service Private Cloud Edition (PCE) provides centralized, secure access to enterprise applications through various authentication methods like OTP, PKI credentials, Kerberos, and various form factors.
Thales OneWelcome Identity and Access Management Solutions offer comprehensive security measures and reporting capabilities for organizations, utilizing multi-factor authentication devices for multiple applications.
Thales OneWelcome Consent & Preference Management module allows financial institutions to gather consumer consent, manage data access, and manage B2B delegation based on user roles and responsibilities.
CipherTrust Manager simplifies key lifecycle management, including activities such as generation, backup and restore, deactivation, and deletion. Its key destruction phases allow organizations to achieve digital shredding of data.
Imperva API Security provides security teams with comprehensive API visibility, enabling faster, more secure software release cycles and preventing resource-intensive workflows, thereby ensuring they stay updated with new risks.
Thales offers multiple solutions for data at rest that can coexist with native encryption provided by Cloud Service Provider (CSP).
CipherTrust Data Discovery and Classification (DDC) simplifies the process of identifying and classifying sensitive data across various data stores, thereby reducing security risks and enabling better decision-making for cloud transformation and remediation.
Imperva API Security provides comprehensive API visibility for security teams by automatically detecting endpoints and determining risks around sensitive data. It enhances protection against OWASP API Security Top 10 Risks for REs, allowing developers to build microservices and APIs across different environments.
CipherTrust Secrets Management (CSM) automates access to secrets across DevOps tools and cloud workloads, powered by Akeyless Vault, and integrates with third-party applications like GitHub and Kubernetes.
Thales High Speed Encryptors (HSE) offer network-independent, data-in-motion encryption, protecting data, video, voice, and metadata from eavesdropping, surveillance, and interception. Available as physical and virtual appliances, they support a wide network speed range.
CipherTrust Data Security Platform provides secure cloud storage for REs, utilizing advanced encryption and centralized key management, ensuring data mobility across multiple cloud vendors.
CipherTrust Cloud Key Manager (CCKM) supports Bring Your Own Key (BYOK) use cases across multiple cloud infrastructures and SaaS applications. It provides robust safeguards for enterprise data, enabling compliance and control over encryption key life cycles.
CipherTrust Transparent Encryption provides transparent encryption and access control for data residing in Amazon S3, Azure Files and more.
CipherTrust Tokenization tokenizes the data before it is migrated to the cloud in the obfuscated form to protect the data from any breach.
Thales Luna Hardware Security Modules (HSM) provide organizations with dedicated hardware for crypto key control, offering a tamper-resistant environment for secure cryptographic processing, key generation, and encryption.