Cybersecurity and Cyber Resilience Framework (CSCRF) by SEBI
On August 20th, 2024, the Securities and Exchange Board of India (SEBI) released the Cybersecurity and Cyber Resilience Framework (CSCRF) to SEBI-regulated entities (REs) to enhance the current cybersecurity measures in the Indian securities market and strengthen the mechanism for dealing with cyber risks or threats.
The CSCRF aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity of SEBI REs. The CSCRF framework shall supersede existing SEBI cybersecurity circulars/ guidelines/ advisories/ letters.
Compliance brief
Cybersecurity and Cyber Resilience Framework (CSCRF)
Explore solutions for CSCRF compliance by addressing cybersecurity function guidelines of Governance, Identity and Protect in the framework.
How Thales Helps with CSCRF compliance
Thales can help REs comply with CSCRF by addressing cybersecurity function guidelines of Governance, Identity and Protect in the framework.
We provide solutions in three key areas of cybersecurity: Application Security, Data Security, and Identity & Access Management.
CSCRF Compliance Solutions
Application Security
Protect applications and APIs at scale in the cloud, on-premises, or in a hybrid model. Our market leading product suite includes Web Application Firewall (WAF), protection against Distributed Denial of Service (DDoS) and malicious BOT attacks, security for APIs, a secure Content Delivery Network (CDN), and Runtime Application Self-Protection (RASP).
Address CSCRF Standard Code and Guidelines
- GV.PO - 1.3.ii. Policy | S1, S2, S5
- ID.AM - 2.1.ii. Asset Management | S1, S4
- ID.RA - 2.2.ii. Risk Assessment | S1, S2
- ID.RA - 2.2.ii. Risk Assessment | S4
- PR.AA - 3.1.ii. Identity Management, Authentication, and Access Control | S1, S2, S3, S7, S9
- PR.AA - 3.1.ii. Identity Management, Authentication, and Access Control | S10, S11, S12
- PR.AA - 3.1.ii. Identity Management, Authentication, and Access Control | S13, S14
- PR.AA - 3.1.ii. Identity Management, Authentication, and Access Control | S16, S17
- PR.DS – 3.3.ii. Data Security | S1, S2, S3
- Annexure-G: Application Authentication Security
- Annexure-I: Data Transport Security
- Annexure-J: Framework for Adoption of Cloud Services | Principle 6: Security Controls
SafeNet Authentication Service Private Cloud Edition (PCE) is a cost-effective, easy-to-use on-premises authentication platform that offers over 200 pre-tested configurations, supports third-party solutions, and offers diverse token types.
CipherTrust Data Discovery & Classification (DDC) identifies and classifies data across various data stores, enhancing data privacy and security by managing assets across on-premises, hybrid, cloud, and multi-cloud environments.
Imperva Data Security Fabric Data Activity Monitoring (DAM) enables REs to identify risks related to critical data by continuously monitoring data store activity, providing detailed audit trails.
Related resources
Compliance Brief [Englisch]
Addressing The Requirements of Cybersecurity and Cyber Resilience Framework (CSCRF) by SEBI
Compliance Brief [Englisch]
Addressing The Requirements of The Framework for Adoption of Cloud Services by SEBI Regulated Entities
Other key data protection and security regulations
PCI HSM
MANDATE | ACTIVE NOW
The PCI HSM specification defines a set of logical and physical security compliance standards for HSMs specifically for the payments industry. PCI HSM Compliance certification depends on meeting those standards.
DORA
REGULATION | ACTIVE NOW
DORA aims to strengthen the IT security of financial entities to make sure the financial sector in Europe is resilient in the face of the growing volume and severity of cyber-attacks.
Data Breach Notification Laws
REGULATION | ACTIVE NOW
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.