SEBI Updates Cybersecurity Framework for Regulated Entities
SEBI has clarified that its cybersecurity and cyber resilience framework applies only to systems used for regulated activities. Shared infrastructure will be audited if not covered by another regulator. Guidelines for mobile apps are advisory, while zero-trust principles are encouraged but not mandatory for regulated entities.
- Country:
- India
The Securities and Exchange Board of India (SEBI) issued new clarifications regarding its Cybersecurity and Cyber Resilience Framework (CSCRF), specifying that the framework applies solely to systems involved in regulated activities.
In a detailed circular, SEBI outlined that shared infrastructure will also undergo audits unless already supervised by the Reserve Bank of India (RBI) or another recognized authority.
Furthermore, SEBI will accept compliance with RBI or similar cybersecurity regulations if they are equivalent to its standards, a move aimed at simplifying protocols for regulated entities.
(With inputs from agencies.)
Advertisement
ALSO READ
RBI Highlights Trade Uncertainty Amidst Inflation Optimism
Espionage Scandal Unveiled: Croatian Officer and Serbian Partner Arrested
U.S. Urges Renewal of Iran Sanctions Amid Nuclear Compliance Concerns
India and Singapore Strengthen Arbitration Ties through High-Level Dialogue Held by IIAC
Tragic Honor Killing Unveiled: A Tale of Forbidden Love
Google News