SEBI CSCRF - Our Point of View

In order to strengthen the cybersecurity measures in Indian securities market, and to ensure adequate cyber resiliency against cybersecurity incidents/ attacks, Securities and Exchange Board of India (SEBI) has released the Cybersecurity and Cyber Resilience Framework (CSCRF). The CSCRF aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity of SEBI regulated entities (REs). This framework shall supersede existing SEBI cybersecurity circulars/ guidelines/ advisories/ letters.

REs shall put in place appropriate systems and procedures to ensure compliance with the provisions of CSCRF, and conduct cyber audit. Cyber audit reports along with other required documents shall be submitted as per timelines provided in the CSCRF.

The CSCRF is standards based and broadly covers the five cyber resiliency goals adopted from Cyber Crisis Management Plan (CCMP) of Indian Computer Emergency Response Team (CERT-In)- Anticipate, Withstand, Contain, Recover, Evolve. These cyber resiliency goals have been linked with the following cybersecurity functions - Governance, Identify, Protect, Detect, Respond, Recover.

CSCRF has introduced a Cyber Capability Index (CCI). The CCI enables rating the cybersecurity and resilience controls of the REs and submit their CCI scores. The CCI for MIIs and Qualified REs shall help these REs to monitor and assess their progress and cyber resilience on a periodic basis.

• For six categories of REs where cybersecurity and cyber resilience circular already exists: by January 01, 2025.
• For other REs where CSCRF is being issued for the first time: by April 01, 2025.

KPMG in India professionals will work with your team and conduct a combination of interviews, workshops, policy and process reviews and technical testing to help you manage your cybersecurity issues. To strategically enable your ongoing transformation, KPMG in India brings a combination of strengths across — cyber experience, deep business understanding and skilled people who deliver innovative thinking and practical implementation. We’ll use our strengths to help you achieve compliance and improve maturity.