TaxTMI 
TaxTMI 
Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)
X X X X Extracts X X X X
X X X X Extracts X X X X
....Mutual Funds (MFs)/ Asset Management Companies (AMCs) All Portfolio Managers All Registrar to an Issue and Share Transfer Agents (RTAs) All Stock Brokers through Exchanges All Stock Exchanges All Venture Capital Funds (VCFs) Dear Sir / Madam, Subject: Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs) Background: 1. SEBI had issued Cybersecurity and Cyber resilience framework for Market Infrastructure Institutions (MIIs) in 2015. Subsequently, SEBI had issued other Cybersecurity and Cyber resilience frameworks in line with MIIs circular of 2015 for following REs: 1.1. Stock Brokers and Depository Participants 1.2. Mutual Funds (MFs)/ Asset Management Companies (AMCs) 1.3. KYC Registration....
X X X X Extracts X X X X
X X X X Extracts X X X X
....ncy goals have been linked with the following cybersecurity functions: 6.1. Governance 6.2. Identify 6.3. Protect 6.4. Detect 6.5. Respond 6.6. Recover 7. CSCRF follows a graded approach and classifies the REs in the following five categories based on their span of operations and certain thresholds like number of clients, trade volume, asset under management, etc.: 7.1. Market Infrastructure Institutions (MIIs) 7.2. Qualified Res 7.3. Mid-size REs 7.4. Small-size Res 7.5. Self-certification REs 8. The framework provides a structured methodology to implement various solutions for cybersecurity and cyber resiliency. In order to facilitate better understanding and ease of compliance, the document is divided into four ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....tablish appropriate security monitoring mechanisms through Security Operation Centre (SOC). The onboarding of SOC can be done through RE's own/ group SOC or Market SOC or any other third-party managed SOC for continuous monitoring of security events and timely detection of anomalous activities. 13. As compliance with the cybersecurity guidelines may be onerous for smaller REs due to the lack of knowledge and expertise in cybersecurity and the cost factor involved in setting up own SOC. Therefore, CSCRF mandates NSE and BSE to set up Market SOC (M-SOC) with the objective of providing cybersecurity solutions to such categories of REs. 14. CSCRF contains provisions with respect to various areas such as requirements of IT services, Software....