SEBI has clarified the scope and applicability of its Cybersecurity and Cyber Resilience Framework (CSCRF), emphasizing its focus on systems used exclusively for SEBI-regulated activities. The framework aims to standardize cybersecurity practices across entities, incorporating critical systems, zero-trust principles, and disaster recovery benchmarks. #SEBI #CSCRF #cyberresilience
Keypoints
- SEBI’s CSCRF applies to systems used solely for SEBI-regulated activities, excluding overlapping responsibilities with other regulators.
- Shared infrastructure not overseen by RBI or another authority will fall under CSCRF audit requirements.
- The framework defines critical systems as those impacting core operations, data, or hosting internet-facing applications.
- Regulated entities are encouraged to implement zero-trust security measures and develop cyber crisis management plans.
- Disaster recovery mandates require resumption of critical operations within two hours and data recovery within 15 minutes.
Read More: https://thecyberexpress.com/sebi-clarifies-cscrf/