Preventing access of unauthorized software
The National Bank for Agriculture and Rural Development (NABARD) is an apex development financial institution of the country, set up to address the need for an organizational device for resolving credit-related issues linked with rural development. The institution has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India” and is currently active in the development and implementation of Financial Inclusion.
NABARD issued a circular stating the necessity of implementing cyber security controls on the third-party payment ecosystem (ATM Switch) by the service providers for the cooperative banks and Regional Rural Banks. The agreement mandates the third-party ATM Switch ASP to comply with the cyber security controls given in the Annexure on an ongoing basis and to provide access to the RBI/NABARD for on-site/off-site supervision. The controls defined under the Annexure apply to the ASPs, limited to the IT ecosystem providing ATM switch services as well as any other type of payment-system-related services to the banks.
Cyber Security Controls for ATM Switch Application Service Providers (ASPs):
Preventing access of unauthorized software
Environmental Controls
Network Management and Security
Secure Configuration
Application Security Life Cycle (ASLC)
Patch/Vulnerability and Change Management
User Access Control/Management
Data Leak Prevention Strategy
Audit Logs
Incident Response and Management
Advanced Real-time Threat Defence and Management
Vulnerability Assessment and Penetration Test
Forensics
Arrangement for continuous surveillance - Setting up of Cyber Security Operation Center (CSOC)
Compliance with various standards
The Auditor or the auditing firm meticulously verifies and categorizes elements of the system according to the guidelines. If there are any gaps in compliance, the Auditor informs the bank of the non-compliance and offers solutions to bring everything in line. Once all the required verification is carried out, the Auditor gives the report the stamp of approval, which showcases the reliability of the system provided by the company.