
Guidelines for MIIs regarding Cyber security and Cyber resilience

X X   X X   Extracts   X X   X X


....ity framework to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in securities market. It is also important that MIIs establish and continuously improve their Information Technology (IT) processes and controls to preserve confidentiality, integrity and availability of data and IT systems.

2. With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase. Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII's owned or controlled systems, networks and assets.

3. In view of the above, based on the ....


....tories Act, 1996 read with Regulation 97 of Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.

9. The circular is issued with the approval of Competent Authority.

10. This circular is available on SEBI website at www.sebi.gov.in under the category "Legal" and dropdown "Circulars".

Yours faithfully,

Ansuman Dev Pradhan
Deputy General Manager
+91-22-26449622
[email protected]

Annexure-A

MIIs are required to implement the following practices:

1) MIIs shall maintain offline, encrypted backups of data and shall regularly test these backups at least on a quarterly basis....


....ss vulnerabilities, especially those on internet-facing devices, to limit the attack surface.

6) MIIs should patch and update software and OSs to the latest available versions and it must be reviewed on a quarterly basis to ensure the implementation of the same.

7) MIIs should implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g. phishing) or incidents.

8) MIIs should implement filters at the email gateway to filter out emails with known malicious indicators, such as known malicious subject lines, and block suspicious Internet Protocol (IP) addresses, malicious domains/URLs at the firewall.

9) MIIs should ensure Endpoint Detection and Response (ED....


....ure the implementation of the same.

b) MIIs should ensure that no unnecessary software is installed on DCs, as these can be leveraged to run arbitrary code on the system.

c) MIIs should ensure that access to DCs should be restricted to the Administrators group. Users within this group should be limited and have separate accounts used for day-to-day operations with non-administrative permissions.

d) MIIs should ensure that DC host firewalls are configured to prevent direct internet access.

e) MIIs shall undertake the penetration testing activity (internal and external) for known Active Directory Domain Controller abuse attacks. Weaknesses shall be remediated on topmost priority.

16) Delegated access and unused tokens should be revi....