A new circular issued by the Indian Computer Emergency Response Team (CERT-In), has asked all government and private agencies to report cybersecurity breach incidents to it within six hours of noticing them.
The circular mandates all service providers, intermediaries, data centres, corporates, and government organisations to enable logs of all their ICT (Information and Communication Technology) systems and maintain them securely for a rolling period of 180 days, and the same shall be maintained within the Indian jurisdiction.
According to the latest order, data centres, virtual private server (VPS) providers, cloud service providers, and virtual private network service (VPN Service) providers need to register the accurate information related to subscriber names, customer hiring the services, ownership pattern of the subscribers etc, and maintain them for five years or longer duration as mandated by the law.
Cert-In said, “To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response, and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days.”
CERT-In is empowered under section 70B of the Information Technology Act to collect, analyse, and disseminate information on cybersecurity incidents. Minister of state for electronics and IT Rajeev Chandrasekhar said that the move will help in fighting cybercrime more effectively and urged all companies and enterprises to mandatorily report cyber incidents to IndianCERT.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
