India CERT-In Cyber Security Directions 2022

India

v2022

19 domains

40 controls

The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (19)

Audit

1 controls

Controls in the Audit domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-17	Audit of Compliance	Organisations should periodically audit their compliance with the directions, particularly logging, retention and incide...

Compliance and Cooperation

4 controls

Controls in the Compliance and Cooperation domain of India CERT-In Cyber Security Directions 2022 — 4 controls
Code	Title	Description
Dir. 14	CERT-In Orders Compliance	Entities must comply with CERT-In orders for information, including near real-time data provision.
Dir. 15	Action and Information Directives	CERT-In may direct entities to take specific actions or provide information to address cyber incidents.
Dir. 16	Applicability to All Entities	Directions apply to service providers, intermediaries, data centres, corporates, and government organizations.
Dir. 17	Penalties for Non-Compliance	Non-compliance is punishable with imprisonment up to one year or fine up to INR 1 lakh or both.

Coordination

1 controls

Controls in the Coordination domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-11	Sectoral CERT Coordination	Entities operating under sectoral CERTs such as CERT-Fin must continue to report to the sectoral body and copy CERT-In a...

Customer onboarding

5 controls

Controls in the Customer onboarding domain of India CERT-In Cyber Security Directions 2022 — 5 controls
Code	Title	Description
CERTIN-12	Validation of Subscriber Details	VPN and VPS subscriber information must be accurately validated by the provider. Self attestation alone is not sufficien...
CERTIN-18	Subscriber Records on Cancellation	Where a registration is cancelled, KYC and transaction information must be retained for a further five years in a manner...
CERTIN-7	Data Centre and VPS KYC	Data centre, virtual private server, cloud service provider and VPN service provider entities must maintain KYC informat...
CERTIN-8	Subscriber Information Categories	VPS and VPN service providers must record validated names, address, contact numbers, email, IP allotted, validation docu...
CERTIN-9	Virtual Asset Customer KYC	Virtual asset service providers, virtual asset exchange providers and custodian wallet providers must maintain KYC and r...

Enforcement

1 controls

Controls in the Enforcement domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-13	Penalties for Non Compliance	Failure to comply with the directions or furnish information may attract punitive action under section 70B(7) of the Inf...

Governance

1 controls

Controls in the Governance domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-4	Single Point of Contact	Organisations must designate a Point of Contact for liaison with CERT-In and communicate the details, with updates whene...

Incident Reporting

0 controls

Cyber incident reporting and preservation

Incident Reporting Requirements

9 controls

Controls in the Incident Reporting Requirements domain of India CERT-In Cyber Security Directions 2022 — 9 controls
Code	Title	Description
Dir. 1	Mandatory Incident Reporting	All service providers and organizations must report cyber security incidents to CERT-In within 6 hours.
Dir. 2	Expanded Incident Categories	Twenty types of incidents are reportable including data breaches, data leaks, and attacks on IoT devices.
Dir. 3	Incident Report Format	Incidents must be reported in prescribed formats with details including affected systems and impact assessment.
Dir. 4	Point of Contact Designation	Organizations must designate and communicate a point of contact for interacting with CERT-In.
Sec. 2242(a)	Covered cyber incident report	Covered entities must report substantial cyber incidents to CISA within 72 hours.
Sec. 2242(b)	Ransom payment report	Covered entities must report ransom payments to CISA within 24 hours of payment.
Sec. 2242(c)	Supplemental reports	Covered entities must submit supplemental reports when substantial new or different information is discovered.
Sec. 2242(d)	Report contents	Reports must include description of the incident, vulnerabilities exploited, and affected systems.
Sec. 2242(e)	Preservation of information	Covered entities must preserve data relevant to the reported cyber incident.

Incident reporting

1 controls

Controls in the Incident reporting domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-2	Six Hour Incident Reporting	Any reportable cyber incident must be notified to CERT-In within six hours of noticing or being brought to notice, using...

Incident scope

1 controls

Controls in the Incident scope domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-3	Reportable Incident Categories	The directions specify 20 categories of reportable incidents including data breaches, ransomware, identity theft, fake m...

Logging

3 controls

Controls in the Logging domain of India CERT-In Cyber Security Directions 2022 — 3 controls
Code	Title	Description
CERTIN-14	Log Storage Location	Logs covered by direction (iv) must be maintained within the Indian jurisdiction even if the systems generating them are...
CERTIN-5	Log Retention 180 Days	All service providers, intermediaries, data centres, body corporate and government organisations must enable logs of all...
CERTIN-6	Log Provision on Order	Logs must be provided to CERT-In along with reporting of any incident or when ordered or directed by CERT-In.

Logging integrity

1 controls

Controls in the Logging integrity domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-1	Time Synchronisation with NTP	All ICT systems must synchronise their clocks to the Network Time Protocol server of National Informatics Centre or Nati...

Operational reporting

1 controls

Controls in the Operational reporting domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-10	Reporting Mechanism	Incidents may be reported to CERT-In via email, phone or web portal in the specified format. Helpline numbers and email...

Service Provider Obligations

3 controls

Controls in the Service Provider Obligations domain of India CERT-In Cyber Security Directions 2022 — 3 controls
Code	Title	Description
Dir. 10	Virtual Private Server Provider Records	Virtual private server providers must maintain customer account details and ownership patterns for 5 years.
Dir. 8	Data Centre and Cloud Provider Records	Data centres and cloud providers must register and maintain validated customer information for 5 years.
Dir. 9	VPN Service Provider Customer Data	VPN providers must collect and retain validated subscriber names, addresses, IP addresses, and usage records for 5 years...

System Logging and Clock Synchronization

3 controls

Controls in the System Logging and Clock Synchronization domain of India CERT-In Cyber Security Directions 2022 — 3 controls
Code	Title	Description
Dir. 5	ICT System Log Maintenance	All ICT system logs must be maintained for a rolling period of 180 days within Indian jurisdiction.
Dir. 6	Clock Synchronization via NTP	All ICT systems must synchronize clocks to the Network Time Protocol server of NIC or NPLI.
Dir. 7	Log Availability to CERT-In	Logs must be provided to CERT-In when reporting incidents or upon CERT-In request or direction.

Technical Requirements

0 controls

ICT accessibility technical standards

Third party

1 controls

Controls in the Third party domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-15	Cloud Service Provider Obligations	Cloud service providers must register their resources and maintain customer details including validated address and owne...

Training

1 controls

Controls in the Training domain of India CERT-In Cyber Security Directions 2022 — 1 controls
Code	Title	Description
CERTIN-16	Drills and Awareness	Entities should participate in CERT-In coordinated cyber security exercises and run internal incident response drills to...

Virtual Asset and Financial Platform Requirements

3 controls

Controls in the Virtual Asset and Financial Platform Requirements domain of India CERT-In Cyber Security Directions 2022 — 3 controls
Code	Title	Description
Dir. 11	Virtual Asset Service Provider KYC	Virtual asset exchanges and custodian wallet providers must maintain KYC records of all users.
Dir. 12	Financial Transaction Records	Records of all financial transactions on virtual asset platforms must be retained for 5 years.
Dir. 13	Digital Payment System Incident Reporting	Attacks affecting digital payment systems and fintech platforms must be reported within 6 hours.

Your Compliance Coverage

If you comply with India CERT-In Cyber Security Directions 2022, you already cover:

FTC GLBA Safeguards Rule (16 CFR Part 314)

10%

4 controls mapped

Compare →

Nevada Gaming Control Board Cybersecurity Requirements

10%

4 controls mapped

Compare →

Lloyd's Minimum Standards - Cyber Security

10%

4 controls mapped

Compare →

+ 313 more: South Korea Cloud Security Assurance Program (CSAP) (10%), TISAX - Trusted Information Security Assessment Exchange (10%)

See all 316 mapped frameworks ↓

Maps to 316 other frameworks

40 total controls

FTC GLBA Safeguards Rule (16 CFR Part 314)

4 source controls mapped|6 target controls covered

10%

Nevada Gaming Control Board Cybersecurity Requirements

4 source controls mapped|7 target controls covered

10%

Lloyd's Minimum Standards - Cyber Security

4 source controls mapped|7 target controls covered

10%

South Korea Cloud Security Assurance Program (CSAP)

4 source controls mapped|9 target controls covered

10%

TISAX - Trusted Information Security Assessment Exchange

4 source controls mapped|6 target controls covered

10%

Singapore Government Instruction Manual on ICT&SS Management (IM8)

4 source controls mapped|6 target controls covered

10%

US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule

3 source controls mapped|5 target controls covered

Nigeria Open Banking Regulatory Framework (CBN, 2023)

3 source controls mapped|3 target controls covered

APRA CPS 230 Operational Risk Management

3 source controls mapped|3 target controls covered

APRA CPS 234

3 source controls mapped|7 target controls covered

UK Defence Standard 05-138 - Cyber Security for Defence Suppliers

3 source controls mapped|5 target controls covered

FFIEC Cybersecurity Assessment Tool (CAT)

3 source controls mapped|3 target controls covered

API 1164

3 source controls mapped|6 target controls covered

US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements

3 source controls mapped|6 target controls covered

Azure Security Benchmark

3 source controls mapped|3 target controls covered

ASD Strategies to Mitigate Cyber Security Incidents

3 source controls mapped|5 target controls covered

AWS Well-Architected Security Pillar

3 source controls mapped|3 target controls covered

PCI SSF

3 source controls mapped|7 target controls covered

NIST SP 800-190

3 source controls mapped|3 target controls covered

Oman National Cybersecurity Framework

3 source controls mapped|4 target controls covered

PCI P2PE

3 source controls mapped|7 target controls covered

ISO 27017

3 source controls mapped|3 target controls covered

HKMA SPM

3 source controls mapped|7 target controls covered

FFIEC IT Examination Handbook

3 source controls mapped|7 target controls covered

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

3 source controls mapped|7 target controls covered

New Zealand Information Security Manual (NZISM)

3 source controls mapped|7 target controls covered

MARS-E - Minimum Acceptable Risk Standards for Exchanges

3 source controls mapped|7 target controls covered

NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity

3 source controls mapped|7 target controls covered

SWIFT CSP

3 source controls mapped|7 target controls covered

PCI PIN Security

3 source controls mapped|7 target controls covered

RBI Cybersecurity Framework for Banks

3 source controls mapped|5 target controls covered

NERC CIP

3 source controls mapped|5 target controls covered

Laos Law on Prevention and Combating Cybercrime (2015)

3 source controls mapped|6 target controls covered

NIST SP 800-145

3 source controls mapped|3 target controls covered

IEC 62443

3 source controls mapped|6 target controls covered

TSA Pipeline Security

3 source controls mapped|8 target controls covered

PSD2 SCA

3 source controls mapped|7 target controls covered

ISMAP (Japan)

3 source controls mapped|3 target controls covered

ISO 27019

3 source controls mapped|6 target controls covered

GLBA

3 source controls mapped|7 target controls covered

Open Banking Security

3 source controls mapped|7 target controls covered

NIST Privacy Framework 1.0

3 source controls mapped|3 target controls covered

TSA Pipeline Cybersecurity Directives

3 source controls mapped|3 target controls covered

South Korea ISMS-P

3 source controls mapped|4 target controls covered

Monetary Authority of Singapore Technology Risk Management Guidelines

3 source controls mapped|7 target controls covered

ISO 27018

3 source controls mapped|3 target controls covered

OSFI B-13

3 source controls mapped|7 target controls covered

MTCS (Singapore)

3 source controls mapped|3 target controls covered

IEEE 1686

3 source controls mapped|6 target controls covered

IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems

3 source controls mapped|4 target controls covered

SWIFT CSCF

3 source controls mapped|7 target controls covered

NIS2 Directive

3 source controls mapped|8 target controls covered

NIST SP 1800-32

3 source controls mapped|6 target controls covered

NIST SP 800-146

3 source controls mapped|3 target controls covered

NIST SP 800-144

3 source controls mapped|3 target controls covered

ASIS SPC.1-2009 - Organizational Resilience Standard

3 source controls mapped|5 target controls covered

Telecommunications Sector Security Reforms (TSSR)

3 source controls mapped|5 target controls covered

Protective Security Policy Framework (PSPF) Release 2024

3 source controls mapped|5 target controls covered

HKMA Cyber Resilience Assessment Framework (C-RAF)

3 source controls mapped|4 target controls covered

SSAE 18 - Attestation Standards (SOC Reporting)

3 source controls mapped|6 target controls covered

MTCS - Multi-Tier Cloud Security (Singapore)

3 source controls mapped|2 target controls covered

SOC for Cybersecurity - Cybersecurity Risk Management Examination

3 source controls mapped|3 target controls covered

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

3 source controls mapped|7 target controls covered

NIST Cybersecurity Framework 2.0

3 source controls mapped|8 target controls covered

Security of Critical Infrastructure Act 2018 (SOCI)

3 source controls mapped|6 target controls covered

Florida Digital Bill of Rights (FDBR)

2 source controls mapped|2 target controls covered

UAE Virtual Asset Regulatory Authority (VARA) Regulations

2 source controls mapped|3 target controls covered

ISO/IEC 27010:2015

2 source controls mapped|2 target controls covered

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

2 source controls mapped|2 target controls covered

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

2 source controls mapped|5 target controls covered

US Consumer Product Safety Commission (CPSC) - Connected Product Safety

2 source controls mapped|2 target controls covered

NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices

2 source controls mapped|3 target controls covered

NIS2 Directive Implementing Acts

2 source controls mapped|2 target controls covered

US Executive Order 14028 - Improving the Nation's Cybersecurity

2 source controls mapped|2 target controls covered

UK Gambling Commission - Cyber Resilience Requirements

2 source controls mapped|2 target controls covered

O-RAN WG11 Security Specification

2 source controls mapped|2 target controls covered

ISO 28001:2007 Supply Chain Security Management

2 source controls mapped|2 target controls covered

ISO/IEC 27031:2011

2 source controls mapped|3 target controls covered

GLI-33 - Gaming Laboratories International Event Wagering Systems

2 source controls mapped|4 target controls covered

SOC 2

2 source controls mapped|5 target controls covered

UK AI Regulation Framework

2 source controls mapped|2 target controls covered

ISO 20000-1

2 source controls mapped|2 target controls covered

Singapore AI Governance Framework

2 source controls mapped|2 target controls covered

IRM Enterprise Risk Management Framework (Institute of Risk Management)

2 source controls mapped|5 target controls covered

UK Open Banking Standard

2 source controls mapped|3 target controls covered

NIST Privacy Framework Version 1.0

2 source controls mapped|3 target controls covered

OECD AI Principles

2 source controls mapped|2 target controls covered

UK ONR Cyber Security and Information Assurance (CSIA) for Nuclear Facilities

2 source controls mapped|2 target controls covered

Regulation (EU) 2019/1239 on the Maritime Single Window (MSW)

2 source controls mapped|1 target controls covered

SEC Climate Disclosure Rule

2 source controls mapped|2 target controls covered

ITIL 4

2 source controls mapped|2 target controls covered

IEEE 7000

2 source controls mapped|2 target controls covered

UK Security and Emergency Measures Direction (SEMD) - Water Industry

2 source controls mapped|3 target controls covered

UK FCA/PRA Operational Resilience Framework

2 source controls mapped|4 target controls covered

IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)

2 source controls mapped|2 target controls covered

Japan AI Guidelines

2 source controls mapped|2 target controls covered

ISO 27001:2022

2 source controls mapped|4 target controls covered

TEFCA - Trusted Exchange Framework and Common Agreement

2 source controls mapped|2 target controls covered

Ghana Cybersecurity Act

2 source controls mapped|4 target controls covered

FISMA

2 source controls mapped|3 target controls covered

Family Educational Rights and Privacy Act (FERPA)

2 source controls mapped|1 target controls covered

FedRAMP Rev 5

2 source controls mapped|2 target controls covered

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

2 source controls mapped|2 target controls covered

BSI IT-Grundschutz

2 source controls mapped|6 target controls covered

NIST AI Risk Management Framework (AI RMF 1.0)

2 source controls mapped|5 target controls covered

NIST AI 600-1: Generative AI Profile

2 source controls mapped|5 target controls covered

Barbados Data Protection Act 2019

2 source controls mapped|1 target controls covered

APPI

2 source controls mapped|3 target controls covered

Privacy Act 1988 (Australia)

2 source controls mapped|3 target controls covered

India DPDP Act

2 source controls mapped|3 target controls covered

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

2 source controls mapped|2 target controls covered

Annex 11 to EU GMP - Computerised Systems

2 source controls mapped|2 target controls covered

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

2 source controls mapped|3 target controls covered

Law No. 172-13 on the Protection of Personal Data

2 source controls mapped|3 target controls covered

Bahrain PDPL

2 source controls mapped|3 target controls covered

ISO/IEC 29147:2018

2 source controls mapped|2 target controls covered

Switzerland FADP

2 source controls mapped|3 target controls covered

Qatar DPL

2 source controls mapped|3 target controls covered

Montana Consumer Data Privacy Act

2 source controls mapped|3 target controls covered

Saudi NCA ECC

2 source controls mapped|6 target controls covered

Iceland DPA

2 source controls mapped|3 target controls covered

Minnesota Consumer Data Privacy Act

2 source controls mapped|3 target controls covered

Spain ENS

2 source controls mapped|6 target controls covered

Kenya DPA

2 source controls mapped|3 target controls covered

Kenya Data Protection Act

2 source controls mapped|3 target controls covered

Turkey KVKK

2 source controls mapped|3 target controls covered

Personal Data Act (personopplysningsloven)

2 source controls mapped|3 target controls covered

New Hampshire Data Privacy Act

2 source controls mapped|3 target controls covered

NIST SP 800-53 Rev 5

2 source controls mapped|6 target controls covered

Peru DPL

2 source controls mapped|3 target controls covered

Oregon Consumer Privacy Act

2 source controls mapped|3 target controls covered

Zambia Data Protection Act (2021)

2 source controls mapped|2 target controls covered

Maryland Online Data Privacy Act of 2024

2 source controls mapped|3 target controls covered

Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023)

2 source controls mapped|2 target controls covered

New Jersey Data Privacy Act

2 source controls mapped|3 target controls covered

Kentucky Consumer Data Protection Act

2 source controls mapped|3 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

2 source controls mapped|4 target controls covered

Virginia CDPA

2 source controls mapped|3 target controls covered

Vietnam PDPD

2 source controls mapped|3 target controls covered

Jamaica DPA

2 source controls mapped|3 target controls covered

Utah Consumer Privacy Act

2 source controls mapped|3 target controls covered

Malaysia PDPA 2010

2 source controls mapped|3 target controls covered

Mauritius DPA

2 source controls mapped|3 target controls covered

Tennessee IPA

2 source controls mapped|3 target controls covered

NIST SP 800-122

2 source controls mapped|3 target controls covered

Singapore Cybersecurity Act 2018

2 source controls mapped|2 target controls covered

Iowa Consumer Data Protection Act

2 source controls mapped|3 target controls covered

Indonesia PDP Law

2 source controls mapped|3 target controls covered

POPIA

2 source controls mapped|3 target controls covered

US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements

2 source controls mapped|3 target controls covered

AICPA Privacy Management Framework (PMF)

2 source controls mapped|2 target controls covered

Trinidad and Tobago Data Protection Act 2011

2 source controls mapped|2 target controls covered

Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)

2 source controls mapped|4 target controls covered

Japan FSA Cybersecurity Guidelines for Financial Institutions

2 source controls mapped|5 target controls covered

Kuwait National Cybersecurity Framework

2 source controls mapped|4 target controls covered

Mexico LFPDPPP

2 source controls mapped|3 target controls covered

UK GDPR (UK General Data Protection Regulation)

2 source controls mapped|2 target controls covered

UK Data Protection Act 2018

2 source controls mapped|3 target controls covered

Texas Data Privacy Act

2 source controls mapped|3 target controls covered

Rwanda DPL

2 source controls mapped|3 target controls covered

Philippines DPA

2 source controls mapped|3 target controls covered

Ley Orgánica de Protección de Datos Personales (LOPDP)

2 source controls mapped|3 target controls covered

IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)

2 source controls mapped|3 target controls covered

Taiwan PDPA

2 source controls mapped|3 target controls covered

Indiana Consumer Data Protection Act

2 source controls mapped|3 target controls covered

Uruguay DPL

2 source controls mapped|3 target controls covered

PDPA Singapore

2 source controls mapped|3 target controls covered

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

2 source controls mapped|2 target controls covered

Nigeria Data Protection Regulation (NDPR)

2 source controls mapped|3 target controls covered

Sri Lanka Personal Data Protection Act (No. 9 of 2022)

2 source controls mapped|2 target controls covered

Saudi Arabia PDPL

2 source controls mapped|3 target controls covered

EASA Part-IS - Information Security in Aviation

2 source controls mapped|5 target controls covered

Privacy Act 2020

2 source controls mapped|3 target controls covered

PDPA Thailand

2 source controls mapped|3 target controls covered

Liechtenstein DPA

2 source controls mapped|3 target controls covered

LGPD

2 source controls mapped|4 target controls covered

SANS Incident Handler's Handbook and PICERL Methodology

2 source controls mapped|4 target controls covered

Nebraska Data Privacy Act

2 source controls mapped|3 target controls covered

South Korea PIPA

2 source controls mapped|3 target controls covered

GHG Protocol

1 source controls mapped|1 target controls covered

Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

1 source controls mapped|4 target controls covered

Singapore Payment Services Act 2019 (PSA) - Digital Payment Token Provisions

1 source controls mapped|2 target controls covered

IFRS 17 - Insurance Contracts

1 source controls mapped|1 target controls covered

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

1 source controls mapped|2 target controls covered

OWASP ASVS

1 source controls mapped|1 target controls covered

ISO/IEC 27011:2024

1 source controls mapped|2 target controls covered

MITRE D3FEND

1 source controls mapped|1 target controls covered

OpenSSF Scorecard

1 source controls mapped|1 target controls covered

Myanmar Cybersecurity Law (2023)

1 source controls mapped|1 target controls covered

UNECE WP.29 R155

1 source controls mapped|1 target controls covered

PropTech Security Standards - Smart Building Cybersecurity

1 source controls mapped|2 target controls covered

ISO/SAE 21434

1 source controls mapped|1 target controls covered

NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)

1 source controls mapped|1 target controls covered

NIST SP 800-63-4

1 source controls mapped|1 target controls covered

NIST SP 800-61

1 source controls mapped|1 target controls covered

SSDF (NIST)

1 source controls mapped|1 target controls covered

SIG (Shared Assessments)

1 source controls mapped|1 target controls covered

ISO 27043

1 source controls mapped|1 target controls covered

NIST SP 800-88

1 source controls mapped|1 target controls covered

UNECE WP.29 R156

1 source controls mapped|1 target controls covered

UK PSTI Act

1 source controls mapped|1 target controls covered

OWASP MASVS

1 source controls mapped|1 target controls covered

SWIFT Customer Security Programme (CSP)

1 source controls mapped|1 target controls covered

NIST SP 800-137

1 source controls mapped|1 target controls covered

PTES

1 source controls mapped|1 target controls covered

OWASP SAMM

1 source controls mapped|1 target controls covered

MITRE ATT&CK

1 source controls mapped|1 target controls covered

SLSA

1 source controls mapped|1 target controls covered

NIST SP 800-123

1 source controls mapped|1 target controls covered

NIST SP 800-92

1 source controls mapped|1 target controls covered

IEC 62351 - Power Systems Communication Security

1 source controls mapped|2 target controls covered

NATO AQAP 2110 - Quality Assurance Requirements for Design, Development, and Production

1 source controls mapped|1 target controls covered

ISO/IEC 38500:2024 - Governance of IT

1 source controls mapped|1 target controls covered

TNFD Recommendations

1 source controls mapped|2 target controls covered

AASB S2 Climate-related Disclosures

1 source controls mapped|2 target controls covered

BS 65000:2014 - Guidance on Organizational Resilience

1 source controls mapped|1 target controls covered

ISO/IEC 27007:2020

1 source controls mapped|1 target controls covered

COBIT 2019

1 source controls mapped|1 target controls covered

SASB Standards (ISSB Integrated)

1 source controls mapped|1 target controls covered

SASB Standards

1 source controls mapped|1 target controls covered

ITU-T X.805 - Security Architecture for End-to-End Communications

1 source controls mapped|1 target controls covered

ISO/IEC 25012:2008 - Data Quality Model

1 source controls mapped|1 target controls covered

Right to Disconnect (Australia)

1 source controls mapped|1 target controls covered

South Africa Promotion of Access to Information Act (PAIA)

1 source controls mapped|1 target controls covered

WELL Building Standard v2 (International WELL Building Institute)

1 source controls mapped|1 target controls covered

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

1 source controls mapped|1 target controls covered

NATO Cyber Defence Policy and NATO Computer Incident Response Capability (NCIRC)

1 source controls mapped|1 target controls covered

German Supply Chain Due Diligence Act (LkSG)

1 source controls mapped|2 target controls covered

FSSC 22000 - Food Safety System Certification

1 source controls mapped|1 target controls covered

French Sapin II Law (Law No. 2016-1691)

1 source controls mapped|2 target controls covered

FDA 21 CFR Part 11

1 source controls mapped|1 target controls covered

FATF Recommendation 16 - Virtual Asset Travel Rule

1 source controls mapped|1 target controls covered

Union Customs Code (UCC) - Regulation (EU) No 952/2013

1 source controls mapped|2 target controls covered

SQF Code Edition 9 - Safe Quality Food

1 source controls mapped|2 target controls covered

Saudi PDPL

1 source controls mapped|1 target controls covered

Korea PIPA

1 source controls mapped|1 target controls covered

Japan APPI

1 source controls mapped|1 target controls covered

PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)

1 source controls mapped|2 target controls covered

ISO/IEC 29134:2023

1 source controls mapped|3 target controls covered

ISO/IEC 27014:2020

1 source controls mapped|2 target controls covered

AML/CTF Act 2006 (Australia)

1 source controls mapped|1 target controls covered

ISO/IEC 27557:2022 - Organisational Privacy Risk Management

1 source controls mapped|2 target controls covered

FBI CJIS Security Policy

1 source controls mapped|1 target controls covered

Vermont Artificial Intelligence and Consumer Data Act (AICDA)

1 source controls mapped|1 target controls covered

South Korea Personal Information Protection Act (PIPA)

1 source controls mapped|1 target controls covered

FedRAMP High

1 source controls mapped|2 target controls covered

NIST SP 800-53 Revision 5.1 HIGH

1 source controls mapped|2 target controls covered

IRS Publication 1075

1 source controls mapped|2 target controls covered

FedRAMP Moderate

1 source controls mapped|2 target controls covered

NIST SP 800-53 Rev 5 MODERATE

1 source controls mapped|2 target controls covered

NIST SP 800-53 Rev 5 LOW

1 source controls mapped|2 target controls covered

Responsible Minerals Initiative (RMI) - Responsible Minerals Assurance Process

1 source controls mapped|3 target controls covered

GDPR

1 source controls mapped|1 target controls covered

Own Risk and Solvency Assessment (ORSA) - NAIC Model Act

1 source controls mapped|3 target controls covered

APRA SPS 220 Risk Management (Superannuation)

1 source controls mapped|1 target controls covered

NIST SP 800-39

1 source controls mapped|3 target controls covered

Authorised Economic Operator (AEO) Programmes - Global Standards

1 source controls mapped|1 target controls covered

ISO 27005

1 source controls mapped|3 target controls covered

ICAO Annex 17 - Aviation Security (AVSEC)

1 source controls mapped|3 target controls covered

IATF 16949:2016 - Quality Management System for Automotive Production

1 source controls mapped|2 target controls covered

ISO/IEC 23894:2023

1 source controls mapped|3 target controls covered

ISO 22000

1 source controls mapped|1 target controls covered

UNESCO Recommendation on the Ethics of AI

1 source controls mapped|2 target controls covered

AS9100D - Aerospace Quality Management System

1 source controls mapped|2 target controls covered

ISO/IEC 27003:2017

1 source controls mapped|2 target controls covered

ISO 27799

1 source controls mapped|1 target controls covered

ISO 31000

1 source controls mapped|3 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

1 source controls mapped|1 target controls covered

ILO Tripartite Declaration of Principles concerning Multinational Enterprises (MNE Declaration)

1 source controls mapped|1 target controls covered

NIST SP 800-66

1 source controls mapped|1 target controls covered

MDS2 (Medical Device)

1 source controls mapped|1 target controls covered

NIST SP 800-37

1 source controls mapped|3 target controls covered

GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6

1 source controls mapped|2 target controls covered

OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update)

1 source controls mapped|1 target controls covered

UK Online Safety Act 2023

1 source controls mapped|3 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

1 source controls mapped|3 target controls covered

NIST SP 800-30

1 source controls mapped|3 target controls covered

Illinois Biometric Information Privacy Act (BIPA)

1 source controls mapped|1 target controls covered

Modern Slavery Act 2018 (Australia)

1 source controls mapped|1 target controls covered

UK Modern Slavery Act 2015

1 source controls mapped|1 target controls covered

Lloyd's of London Cyber Insurance Requirements and Underwriting Standards

1 source controls mapped|2 target controls covered

ISO 13485

1 source controls mapped|1 target controls covered

AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence

1 source controls mapped|1 target controls covered

MARS-E

1 source controls mapped|1 target controls covered

UK Age Appropriate Design Code (Children's Code)

1 source controls mapped|1 target controls covered

ISO 45001

1 source controls mapped|1 target controls covered

UNICEF Policy Guidance on AI for Children (2021)

1 source controls mapped|1 target controls covered

ISO 41001:2018 - Facility Management Systems

1 source controls mapped|1 target controls covered

ISO 39001:2012 - Road Traffic Safety Management

1 source controls mapped|1 target controls covered

ISO 50001:2018 - Energy Management Systems

1 source controls mapped|1 target controls covered

ISO 22313:2020 - Guidance on Business Continuity Management Systems

1 source controls mapped|1 target controls covered

FIRST CSIRT Services Framework and Standards

1 source controls mapped|1 target controls covered

OWASP DevSecOps Maturity Model (DSOMM)

1 source controls mapped|1 target controls covered

COSO Internal Control - Integrated Framework (2013)

1 source controls mapped|1 target controls covered

OWASP Top 10:2025

1 source controls mapped|1 target controls covered

Kuwait Data Privacy Protection Regulation (KDPPR, 2021 - CMA Directive)

1 source controls mapped|1 target controls covered

ISO/IEC 30111:2019

1 source controls mapped|2 target controls covered

NIST SP 800-171

1 source controls mapped|1 target controls covered

Pakistan Personal Data Protection Bill 2023

1 source controls mapped|1 target controls covered

Rwanda Law No. 058/2021 Relating to the Protection of Personal Data

1 source controls mapped|1 target controls covered

Serbia Law on Personal Data Protection (2018)

1 source controls mapped|1 target controls covered

ISO/IEC 27400:2022

1 source controls mapped|1 target controls covered

US NRC 10 CFR 73.54 - Cyber Security for Nuclear Power Plants

1 source controls mapped|1 target controls covered

RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)

1 source controls mapped|3 target controls covered

Philippines Data Privacy Act (RA 10173)

1 source controls mapped|3 target controls covered

ISO 22320:2018

1 source controls mapped|3 target controls covered

Turkey Personal Data Protection Law (KVKK - Law No. 6698)

1 source controls mapped|2 target controls covered

IRS Publication 1075 - Tax Information Security Guidelines

1 source controls mapped|1 target controls covered

Nigeria Data Protection Act 2023 (NDPA)

1 source controls mapped|1 target controls covered

Singapore Payment Services Act (PSA) - Digital Payment Token Regulation

1 source controls mapped|2 target controls covered

Tanzania Personal Data Protection Act (Draft)

1 source controls mapped|1 target controls covered

Latvia Personal Data Processing Law (Fizisko personu datu apstrades likums, 2018)

1 source controls mapped|1 target controls covered

Voluntary Principles on Security and Human Rights (VPs)

1 source controls mapped|1 target controls covered

Zimbabwe Data Protection Act (2021)

1 source controls mapped|1 target controls covered

UK Telecommunications (Security) Act 2021

1 source controls mapped|2 target controls covered

HITECH Act

1 source controls mapped|1 target controls covered

Compare India CERT-In Cyber Security Directions 2022 with FTC GLBA Safeguards Rule (16 CFR Part 314)

Frequently Asked Questions

What is India CERT-In Cyber Security Directions 2022?

India CERT-In Cyber Security Directions 2022 is a compliance framework from India with 19 domains and 40 controls. The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does India CERT-In Cyber Security Directions 2022 have?

India CERT-In Cyber Security Directions 2022 has 40 controls organised across 19 domains. The largest domains are Incident Reporting Requirements (9 controls), Customer onboarding (5 controls), Compliance and Cooperation (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does India CERT-In Cyber Security Directions 2022 map to?

India CERT-In Cyber Security Directions 2022 maps to 316 other compliance frameworks. The top mapping partners are FTC GLBA Safeguards Rule (16 CFR Part 314) (10% coverage), Nevada Gaming Control Board Cybersecurity Requirements (10% coverage), Lloyd's Minimum Standards - Cyber Security (10% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with India CERT-In Cyber Security Directions 2022 compliance?

Start your India CERT-In Cyber Security Directions 2022 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about India CERT-In Cyber Security Directions 2022 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 40 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required