Back to Frameworks

India CERT-In Cyber Security Directions 2022

India
v2022
8 domains
8 controls

The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

CERT-In Audit + Drills + Training

1 controls
Controls in the CERT-In Audit + Drills + Training domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-Audit-Drills-Training-AwarenessProgram-CERTInExercises-CISOCERT-In Audit + Cyber Security Drills + Training + Awareness + CERT-In Cyber Exercises + CISO + Information Security Auditor Empanelment

CERT-In Compliance + Cooperation (Dir 14-17)

1 controls
Controls in the CERT-In Compliance + Cooperation (Dir 14-17) domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-Compliance-Cooperation-CERTInOrders-Penalties-Applicability-Dir14to17-Section44-IT-ActCERT-In Directions 14-17 Compliance and Cooperation - Mandatory Cooperation with CERT-In + Information Requests + Action Directives + Applicability + Penalties for Non-Compliance + Sec 44 + Sec 70B(7) IT Act

CERT-In Coordination + Cross-Regulator

1 controls
Controls in the CERT-In Coordination + Cross-Regulator domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-Coord-RBI-SEBI-IRDAI-I4C-DPDPAct-SectoralCERTs-NCIIPC-IndiaStackCERT-In Coordination - RBI + SEBI + IRDAI Cyber Frameworks + DPDP Act 2023 DPBI + I4C Cybercrime + Sectoral CERTs + NCIIPC CII Protection + DPI India Stack + International CSIRTs

CERT-In Incident Reporting (Dir 1-4)

1 controls
Controls in the CERT-In Incident Reporting (Dir 1-4) domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-IncidentReporting-6Hour-Mandatory-Format-POC-20Categories-Section70B-Dir1to4CERT-In Directions 1-4 Incident Reporting - Mandatory 6-Hour Window + 20 Categories + Standardised Report Format + Designated Point of Contact + 24x7 Channel

CERT-In Logging + Clock Sync (Dir 5-7)

1 controls
Controls in the CERT-In Logging + Clock Sync (Dir 5-7) domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-Logging-180DayRetention-IndiaLocalisation-NTP-NIC-NPL-CERTIn-Access-Dir5to7CERT-In Directions 5-7 System Logging + Clock Synchronization - 180-Day Log Retention in India + NTP Synchronisation with NIC/NPL + Log Availability to CERT-In on Order

CERT-In Scope + Section 70B Authority

1 controls
Controls in the CERT-In Scope + Section 70B Authority domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-Scope-Section70B-IT-Act-2000-Directions-28April2022-Effective-28June2022-MeitY-CERTIn-ApplicabilityCERT-In Directions Scope + Section 70B IT Act 2000 + Directions of 28 April 2022 + Effective 28 June 2022 + MeitY/CERT-In Governance + Applicability to All Entities + 17 Directions Structure

CERT-In Service Provider Obligations (Dir 8-10)

1 controls
Controls in the CERT-In Service Provider Obligations (Dir 8-10) domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-DC-VPS-VPN-CloudSP-CustomerKYC-SubscriberRecords-5YearRetention-Dir8to10CERT-In Directions 8-10 Service Provider Obligations - Data Centre + Virtual Private Server + VPN Service Provider Customer KYC + Subscriber Records + 5-Year Retention After Cancellation

CERT-In VASP Requirements (Dir 11-13)

1 controls
Controls in the CERT-In VASP Requirements (Dir 11-13) domain of India CERT-In Cyber Security Directions 20221 controls
CodeTitle
CERTIN-VASP-VirtualAsset-CryptoExchange-KYC-FinancialTransactionRecords-DigitalPayment-Dir11to13CERT-In Directions 11-13 Virtual Asset Service Provider Requirements - KYC for Virtual Asset Exchanges/Custodian Wallets + Financial Transaction Records + Digital Payment System Incident Reporting

Maps to 87 other frameworks

8 total controls
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|6 target controls covered
38%
APRA CPS 234
3 source controls mapped|7 target controls covered
38%
ASD Strategies to Mitigate Cyber Security Incidents
3 source controls mapped|5 target controls covered
38%
HKMA SPM
3 source controls mapped|2 target controls covered
38%
GLBA
3 source controls mapped|3 target controls covered
38%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|3 target controls covered
38%
APRA CPS 230 Operational Risk Management
2 source controls mapped|3 target controls covered
25%
Florida Digital Bill of Rights (FDBR)
2 source controls mapped|2 target controls covered
25%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
2 source controls mapped|1 target controls covered
25%
IEEE 1686
2 source controls mapped|3 target controls covered
25%
API 1164
2 source controls mapped|6 target controls covered
25%
ISO/IEC 27010:2015
2 source controls mapped|2 target controls covered
25%
Azure Security Benchmark
2 source controls mapped|3 target controls covered
25%
AWS Well-Architected Security Pillar
2 source controls mapped|3 target controls covered
25%
Protective Security Policy Framework (PSPF) Release 2024
2 source controls mapped|2 target controls covered
25%
ASIS SPC.1-2009 - Organizational Resilience Standard
2 source controls mapped|5 target controls covered
25%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
2 source controls mapped|2 target controls covered
25%
IEEE 7000
2 source controls mapped|1 target controls covered
25%
ISO/IEC 27031:2011
2 source controls mapped|3 target controls covered
25%
UAE Virtual Asset Regulatory Authority (VARA) Regulations
1 source controls mapped|1 target controls covered
13%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|4 target controls covered
13%
GHG Protocol
1 source controls mapped|1 target controls covered
13%
IFRS 17 - Insurance Contracts
1 source controls mapped|1 target controls covered
13%
OWASP ASVS
1 source controls mapped|1 target controls covered
13%
MITRE D3FEND
1 source controls mapped|1 target controls covered
13%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27011:2024
1 source controls mapped|2 target controls covered
13%
South Korea Cloud Security Assurance Program (CSAP)
1 source controls mapped|1 target controls covered
13%
COBIT 2019
1 source controls mapped|1 target controls covered
13%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|2 target controls covered
13%
ISO/IEC 38500:2024 - Governance of IT
1 source controls mapped|1 target controls covered
13%
BS 65000:2014 - Guidance on Organizational Resilience
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27007:2020
1 source controls mapped|1 target controls covered
13%
French Sapin II Law (Law No. 2016-1691)
1 source controls mapped|2 target controls covered
13%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|2 target controls covered
13%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
1 source controls mapped|1 target controls covered
13%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
1 source controls mapped|3 target controls covered
13%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
1 source controls mapped|1 target controls covered
13%
TEFCA - Trusted Exchange Framework and Common Agreement
1 source controls mapped|1 target controls covered
13%
Singapore Cybersecurity Act 2018
1 source controls mapped|1 target controls covered
13%
Privacy Act 1988 (Australia)
1 source controls mapped|2 target controls covered
13%
PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)
1 source controls mapped|2 target controls covered
13%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|1 target controls covered
13%
OWASP Top 10:2025
1 source controls mapped|1 target controls covered
13%
OWASP DevSecOps Maturity Model (DSOMM)
1 source controls mapped|1 target controls covered
13%
Law No. 172-13 on the Protection of Personal Data
1 source controls mapped|2 target controls covered
13%
South Korea PIPA
1 source controls mapped|1 target controls covered
13%
India DPDP Act
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27400:2022
1 source controls mapped|1 target controls covered
13%
Annex 11 to EU GMP - Computerised Systems
1 source controls mapped|2 target controls covered
13%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|3 target controls covered
13%
APPI
1 source controls mapped|3 target controls covered
13%
BSI IT-Grundschutz
1 source controls mapped|6 target controls covered
13%
ISO/IEC 30111:2019
1 source controls mapped|2 target controls covered
13%
Bahrain PDPL
1 source controls mapped|3 target controls covered
13%
NIST SP 800-171
1 source controls mapped|1 target controls covered
13%
ISO/IEC 29147:2018
1 source controls mapped|2 target controls covered
13%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
13%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
13%
13%
FedRAMP Rev 5
1 source controls mapped|2 target controls covered
13%
FIRST CSIRT Services Framework and Standards
1 source controls mapped|1 target controls covered
13%
Ghana Cybersecurity Act
1 source controls mapped|4 target controls covered
13%
HITECH Act
1 source controls mapped|1 target controls covered
13%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|3 target controls covered
13%
ISO/IEC 29134:2023
1 source controls mapped|3 target controls covered
13%
ISO/IEC 27014:2020
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|2 target controls covered
13%
FBI CJIS Security Policy
1 source controls mapped|1 target controls covered
13%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
13%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
13%
FATF Recommendation 16 - Virtual Asset Travel Rule
1 source controls mapped|1 target controls covered
13%
FDA 21 CFR Part 11
1 source controls mapped|1 target controls covered
13%
Family Educational Rights and Privacy Act (FERPA)
1 source controls mapped|1 target controls covered
13%
FISMA
1 source controls mapped|3 target controls covered
13%
13%
ICAO Annex 17 - Aviation Security (AVSEC)
1 source controls mapped|2 target controls covered
13%
IATF 16949:2016 - Quality Management System for Automotive Production
1 source controls mapped|2 target controls covered
13%
GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6
1 source controls mapped|1 target controls covered
13%
German Supply Chain Due Diligence Act (LkSG)
1 source controls mapped|2 target controls covered
13%
FSSC 22000 - Food Safety System Certification
1 source controls mapped|1 target controls covered
13%

Frequently Asked Questions

What is India CERT-In Cyber Security Directions 2022?

India CERT-In Cyber Security Directions 2022 is a compliance framework from India with 8 domains and 8 controls. The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does India CERT-In Cyber Security Directions 2022 have?

India CERT-In Cyber Security Directions 2022 has 8 controls organised across 8 domains. The largest domains are CERT-In Audit + Drills + Training (1 controls), CERT-In Compliance + Cooperation (Dir 14-17) (1 controls), CERT-In Coordination + Cross-Regulator (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does India CERT-In Cyber Security Directions 2022 map to?

India CERT-In Cyber Security Directions 2022 maps to 87 other compliance frameworks. The top mapping partners are FTC GLBA Safeguards Rule (16 CFR Part 314) (38% coverage), APRA CPS 234 (38% coverage), ASD Strategies to Mitigate Cyber Security Incidents (38% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with India CERT-In Cyber Security Directions 2022 compliance?

Start your India CERT-In Cyber Security Directions 2022 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about India CERT-In Cyber Security Directions 2022 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required