Modification in Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing Corporations and Depositories

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....nce framework of Stock Exchanges, Clearing Corporations and Depositories 1. SEBI vide circular no. SEBI/CIR/MRD/DP/13/2015 dated July 06, 2015 prescribed framework for Cyber Security and Cyber Resilience for stock exchanges, clearing corporations and depositories. 2. In partial modification to Annexure A of SEBI circular dated July 06, 2015, the paragraph-11, 40, 41 and 42 shall be read as under....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

.... resources, connections to its network and data flows. 40. MIIs should carry out periodic vulnerability assessment and penetration testing (VAPT) which inter-alia includes all critical assets and infrastructure components like Servers, Networking systems, Security devices, load balancers, other IT systems pertaining to the activities done as a role of MII etc., in order to detect security vulner....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....s and compliance of closure of findings identified during VAPT shall be submitted to SEBI within 3 months post the submission of final VAPT report to SEBI. 42. In addition, MIIs should also perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system which is a critical system or part of an existing critical system. 3. Further, the MIIs are mandated ....