India CERT-In Cyber Security Directions 2022
The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
CERT-In Audit + Drills + Training
| Code | Title |
|---|---|
| CERTIN-Audit-Drills-Training-AwarenessProgram-CERTInExercises-CISO | CERT-In Audit + Cyber Security Drills + Training + Awareness + CERT-In Cyber Exercises + CISO + Information Security Auditor Empanelment |
CERT-In Compliance + Cooperation (Dir 14-17)
| Code | Title |
|---|---|
| CERTIN-Compliance-Cooperation-CERTInOrders-Penalties-Applicability-Dir14to17-Section44-IT-Act | CERT-In Directions 14-17 Compliance and Cooperation - Mandatory Cooperation with CERT-In + Information Requests + Action Directives + Applicability + Penalties for Non-Compliance + Sec 44 + Sec 70B(7) IT Act |
CERT-In Coordination + Cross-Regulator
| Code | Title |
|---|---|
| CERTIN-Coord-RBI-SEBI-IRDAI-I4C-DPDPAct-SectoralCERTs-NCIIPC-IndiaStack | CERT-In Coordination - RBI + SEBI + IRDAI Cyber Frameworks + DPDP Act 2023 DPBI + I4C Cybercrime + Sectoral CERTs + NCIIPC CII Protection + DPI India Stack + International CSIRTs |
CERT-In Incident Reporting (Dir 1-4)
| Code | Title |
|---|---|
| CERTIN-IncidentReporting-6Hour-Mandatory-Format-POC-20Categories-Section70B-Dir1to4 | CERT-In Directions 1-4 Incident Reporting - Mandatory 6-Hour Window + 20 Categories + Standardised Report Format + Designated Point of Contact + 24x7 Channel |
CERT-In Logging + Clock Sync (Dir 5-7)
| Code | Title |
|---|---|
| CERTIN-Logging-180DayRetention-IndiaLocalisation-NTP-NIC-NPL-CERTIn-Access-Dir5to7 | CERT-In Directions 5-7 System Logging + Clock Synchronization - 180-Day Log Retention in India + NTP Synchronisation with NIC/NPL + Log Availability to CERT-In on Order |
CERT-In Scope + Section 70B Authority
| Code | Title |
|---|---|
| CERTIN-Scope-Section70B-IT-Act-2000-Directions-28April2022-Effective-28June2022-MeitY-CERTIn-Applicability | CERT-In Directions Scope + Section 70B IT Act 2000 + Directions of 28 April 2022 + Effective 28 June 2022 + MeitY/CERT-In Governance + Applicability to All Entities + 17 Directions Structure |
CERT-In Service Provider Obligations (Dir 8-10)
| Code | Title |
|---|---|
| CERTIN-DC-VPS-VPN-CloudSP-CustomerKYC-SubscriberRecords-5YearRetention-Dir8to10 | CERT-In Directions 8-10 Service Provider Obligations - Data Centre + Virtual Private Server + VPN Service Provider Customer KYC + Subscriber Records + 5-Year Retention After Cancellation |
CERT-In VASP Requirements (Dir 11-13)
| Code | Title |
|---|---|
| CERTIN-VASP-VirtualAsset-CryptoExchange-KYC-FinancialTransactionRecords-DigitalPayment-Dir11to13 | CERT-In Directions 11-13 Virtual Asset Service Provider Requirements - KYC for Virtual Asset Exchanges/Custodian Wallets + Financial Transaction Records + Digital Payment System Incident Reporting |
Your Compliance Coverage
If you comply with India CERT-In Cyber Security Directions 2022, you already cover:
Maps to 87 other frameworks
Frequently Asked Questions
What is India CERT-In Cyber Security Directions 2022?
India CERT-In Cyber Security Directions 2022 is a compliance framework from India with 8 domains and 8 controls. The Indian Computer Emergency Response Team (CERT-In) Directions of April 2022 mandate cybersecurity practices for service providers, intermediaries, data centres, and government organizations in India. Key requirements include 6-hour incident reporting, 180-day log retention, KYC for VPN/cloud providers, and synchronized system clocks. Applies to all entities covered by the Information Technology Act 2000. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does India CERT-In Cyber Security Directions 2022 have?
India CERT-In Cyber Security Directions 2022 has 8 controls organised across 8 domains. The largest domains are CERT-In Audit + Drills + Training (1 controls), CERT-In Compliance + Cooperation (Dir 14-17) (1 controls), CERT-In Coordination + Cross-Regulator (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does India CERT-In Cyber Security Directions 2022 map to?
India CERT-In Cyber Security Directions 2022 maps to 87 other compliance frameworks. The top mapping partners are FTC GLBA Safeguards Rule (16 CFR Part 314) (38% coverage), APRA CPS 234 (38% coverage), ASD Strategies to Mitigate Cyber Security Incidents (38% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with India CERT-In Cyber Security Directions 2022 compliance?
Start your India CERT-In Cyber Security Directions 2022 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about India CERT-In Cyber Security Directions 2022 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required