SEBI Issues New Cybersecurity Framework for Regulated Entities

Mumbai: Sebi has issued a detailed circular on Cybersecurity and Cyber Resilience Framework (CSCRF) for Sebi Regulated Entities (REs) and will supersede existing Sebi cybersecurity circulars/ guidelines/ advisories.

"The key objective of CSCRF is to address evolving cyber threats, to align with the industry standards, to encourage efficient audits, and to ensure compliance by SEBI REs. The CSCRF also sets out standards formats for reporting by REs, SEBI said.

"The CSCRF is standards based and broadly covers the five cyber resiliency goals (anticipate, withstand, contain, recover, and evolve) adopted from Cyber Crisis Management Plan (CCMP) of Indian Computer Emergency Response Team(CERT-In)for countering Cyber Attacks and Cyber Terrorism," SEBI said.

The framework provides a structured methodology to implement various solutions for cybersecurity and cyber resiliency. In order to facilitate better understanding and ease of compliance.

CSCRF follows a graded approach and classifies the REs in the following five categories based on their span of operations and certain thresholds like number of clients, trade volume, asset under management, etc.-1 Market Infrastructure Institutions (MIIs) 2.Qualified REs 3.Mid-size REs 4.Small-size REs 5.Self-certification REs.

"CSCRF aims to ensure that even smaller REs are equipped with adequate cybersecurity measures and achieve resiliency against cybersecurity incidents/ attacks. Cyber Capability Index (CCI) for MIIs and Qualified REs shallhelp these REs to monitor and assess their progress and cyber resilience on a periodic basis," SEBI said.