Cybersecurity compliance thresholds revised: categorisation and exemptions updated, with HSM mandate for top-tier regulated entities.
The circular revises CSCRF classification thresholds and exemption rules, fixes an RE's category for the financial year based on prior-year data, and prescribes that the higher applicable category applies where multiple thresholds are met. It specifies recategorisations and exemptions for stock brokers, DPs, IAs, RAs, KRAs, portfolio managers, AIF/VCF managers, MBs and RTAs, and reallocates reporting authority for IAs and RAs to BSE Ltd. It mandates a dedicated Hardware Security Module for MIIs and Qualified REs, while permitting alternatives for lower categories subject to a board-approved risk assessment, and aligns cyber audits with prior CSCRF guidance.
Note: This is a system-generated summary and is for quick reference only.