The Securities and Exchange Board of India (SEBI) has released a comprehensive circular detailing the new Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs). This framework will replace the existing SEBI cybersecurity circulars, guidelines, and advisories.
Objective and Key Features of CSCRF   
The primary goal of the CSCRF is to address the evolving landscape of cyber threats, align with industry standards, facilitate efficient audits, and ensure compliance by SEBI-regulated entities. The framework establishes standardized reporting formats for REs, enabling streamlined compliance and oversight, SEBI stated.
The CSCRF is based on international standards and incorporates five key cyber resiliency goals: anticipate, withstand, contain, recover, and evolve. These goals are adapted from the Cyber Crisis Management Plan (CCMP) developed by the Indian Computer Emergency Response Team (CERT-In), aiming to combat cyber-attacks and cyber terrorism. The framework outlines a structured approach to implementing various cybersecurity and cyber resilience measures to enhance understanding and compliance.
Classification and Graded Approach   
The CSCRF follows a graded approach, classifying REs into five categories based on their operations and thresholds, such as the number of clients, trading volumes, and assets under management. The categories are:
1. Market Infrastructure Institutions (MIIs)
2. Qualified REs
3. Mid-size REs
4. Small-size REs
5. Self-certification REs
This classification ensures that even smaller entities are equipped with adequate cybersecurity measures to achieve resilience against cyber incidents and attacks.
Cyber Capability Index for Enhanced Monitoring   
To further bolster cybersecurity efforts, the CSCRF introduces the Cyber Capability Index (CCI) for MIIs and Qualified REs. This index will enable these entities to monitor and assess their cybersecurity progress and resilience on a periodic basis, fostering a culture of continuous improvement in their cybersecurity posture.
SEBI’s new framework aims to provide a robust methodology for entities to counteract cyber threats, aligning them with global best practices and ensuring a resilient financial market ecosystem in India.
Read the full document here :  https://www.sebi.gov.in/legal/circulars/aug-2024/cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_85964.html