Cybersecurity requirements for market infrastructure institutions mandate immediate technical, governance and continuity controls with audit reporting. SEBI mandates immediate compliance by MIIs with prescribed cybersecurity and cyber resilience measures, to be reported with statutory cybersecurity audits and implemented within 120 days. Required measures include encrypted offline backups tested quarterly; gold images and spare hardware for rapid rebuilds; vulnerability scanning and quarterly patch reviews; endpoint protection, application whitelisting, MFA, least privilege controls and privileged access management; secure Active Directory and domain controller practices with penetration testing; network and API whitelisting, DNS filtering and DNS Sec; detailed log retention; controlled remote access; SOPs to implement government cybersecurity advisories; business continuity drills including ransomware scenarios; and vendor/linked MII inclusion in recovery testing.
Cases where this provision is explicitly mentioned in the judgment/order text; may not be exhaustive. To view the complete list of cases mentioning this section, Click here.
Provisions expressly mentioned in the judgment/order text.
Cybersecurity requirements for market infrastructure institutions mandate immediate technical, governance and continuity controls with audit reporting.
SEBI mandates immediate compliance by MIIs with prescribed cybersecurity and cyber resilience measures, to be reported with statutory cybersecurity audits and implemented within 120 days. Required measures include encrypted offline backups tested quarterly; gold images and spare hardware for rapid rebuilds; vulnerability scanning and quarterly patch reviews; endpoint protection, application whitelisting, MFA, least privilege controls and privileged access management; secure Active Directory and domain controller practices with penetration testing; network and API whitelisting, DNS filtering and DNS Sec; detailed log retention; controlled remote access; SOPs to implement government cybersecurity advisories; business continuity drills including ransomware scenarios; and vendor/linked MII inclusion in recovery testing.
Full Summary is available for active users!
Note: It is a system-generated summary and is for quick reference only.