Indian Computer Emergency Response Team
from Wikipedia

Indian Computer Emergency Response Team (CERT-In)
भारतीय कंप्यूटर आपातकालीन प्रतिक्रिया टीम
Agency overview
Formed: 19 January 2004 (21 years ago)[1][2]
Jurisdiction: Government of India
Headquarters: New Delhi, India[3] (28°35′11″N 77°14′22″E / 28.58639°N 77.23944°E)
Motto: Handling Cyber Security Incidents
Parent department: Ministry of Electronics and Information Technology
Website: सर्ट-इन.भारत, www.cert-in.org.in, www.सीएसके.सरकार.भारत, www.csk.gov.in

The Indian Computer Emergency Response Team (CERT-In or IN-CERT) is an office within the Ministry of Electronics and Information Technology of the Government of India.[3] It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.[5]

Background

CERT-In, an acronym for 'Indian Computer Emergency Response Team', is the National Incident Response Centre for major computer security incidents in its constituency, i.e. the Indian cyber community. It was formed by the Government of India in 2004 under the then Ministry of Communications and Information Technology; its statutory basis is Section 70B of the Information Technology Act, 2000 (inserted by the 2008 amendment to the Act). CERT-In is a functional organisation of the Ministry of Electronics and Information Technology, Government of India, with the objective of securing Indian cyberspace.[6]

CERT-In's primary role is to raise security awareness in the Indian cyber community and to provide technical assistance and advice that help constituents recover from computer security incidents.[6] It provides technical advice to system administrators and users on responding to computer security incidents. It also identifies trends in intruder activity, works with similar institutions and organisations to resolve major security issues, and disseminates information to the Indian cyber community. It informs its constituents about security awareness and best practices for various systems and networks by publishing advisories, guidelines and other technical documents.[7]

CERT-In's vision is to contribute proactively to securing India's cyberspace and building a safe and trusted cyber ecosystem for citizens. Its mission is to enhance the security of India's communications and information infrastructure through proactive action and effective collaboration.[8]

Functions

In December 2013, CERT-In reported a rise in cyber attacks on government organisations and on sectors such as banking and finance, oil and gas, and emergency services, and issued a list of security guidelines to all critical departments.[9] On national cyber security and threats it liaises with the Office of the National Cyber Security Coordinator, the National Security Council and the National Information Board. As the nodal entity, CERT-In plays this role under the Ministry of Electronics and Information Technology (MeitY).

CERT-In launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) on 21 February 2017 as part of the Government of India's Digital India initiative under MeitY.[10] Cyber Swachhta Kendra (CSK) is a citizen-centric service provided by CERT-In that extends the vision of Swachh Bharat to cyberspace. CSK aims to secure India's digital infrastructure through a dedicated mechanism that gives timely information about botnet and malware infections to the affected organisation or user and suggests remedial actions for the entity concerned. The centre detects compromised systems in India, notifies their owners, and enables cleaning and securing of end-user systems to prevent further malware infections. It works in close coordination with Internet service providers, academia and industry, and provides detection of malicious programs and free removal tools for ordinary users.

In September 2022, CERT-In hosted the exercise 'Synergy' in collaboration with the Cyber Security Agency of Singapore. Thirteen countries participated, and the exercise was conducted as part of the International Counter Ransomware Initiative's Resilience Working Group.[11]

Agreements

A memorandum of understanding (MoU) was signed in May-2016 between the Indian Computer Emergency Response Team (CERT-In) and the Ministry of Cabinet Office, UK.

Earlier, CERT-In signed MoUs with similar organisations in seven countries: Korea, Canada, Australia, Malaysia, Singapore, Japan and Uzbekistan.

The Ministry of External Affairs has also signed an MoU with the Shanghai Cooperation Organisation that includes cyber security as an area of cooperation. Under these MoUs, participating countries can exchange technical information on cyber attacks, respond to cyber security incidents and find solutions to counter the attacks. They can also exchange information on prevalent cyber security policies and best practices. The MoUs help strengthen the cyberspace of the signatory countries, build capacity and improve relations between them.[12]

A memorandum of understanding was signed by CERT-In and Mastercard to foster collaboration and information exchange in the field of financial sector cyber security. Both parties will take advantage of their combined knowledge in the areas of advanced malware analysis, cybersecurity incident response, capacity building, and exchanging cyber threat intelligence relevant to the banking sector.[13]

In March-2014, CERT-In reported a critical flaw in Android Jelly Bean's VPN implementation.[14]

In July 2020, CERT-In warned Google Chrome users to upgrade immediately to Chrome version 84.0.4147.89, after multiple vulnerabilities were reported that could give attackers access to affected systems.[15]

In April 2021, CERT-In issued a "high severity" advisory on a vulnerability in WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and in WhatsApp and WhatsApp Business for iOS prior to v2.21.32.[16]

According to the agency, India faced 11.5 million cyberattack incidents in 2021 including corporate attacks, and attacks on critical infrastructure and government agencies.[17]

On 04-December-2022, CERT-In was called in to investigate the cyber attack on All India Institute of Medical Sciences (AIIMS), Delhi.

On 19 July 2024, a global outage of Windows systems caused by a faulty CrowdStrike update was reported. CERT-In categorised the incident as "critical", and the IT minister, Ashwini Vaishnaw, said that the government was in touch with Microsoft and the issue would be resolved.[18][19]

Guidelines

CERT-In issues guidelines on cyber security and critical vulnerabilities from time to time. In April 2022, CERT-In issued a set of directions requiring certain cyber security measures to be undertaken by companies,[20] including the following:

  • Reporting of cyber incidents to CERT-In within six hours of noticing them[21] (which the subsequent FAQs narrowed to high-severity incidents);
  • Maintenance of ICT system logs, on a rolling basis for 180 days, within the territory of India.[22] Under the FAQs, the logs may be stored outside India provided they can be produced to CERT-In as and when requested;
  • Synchronisation of system time clocks with the Network Time Protocol (NTP) servers of the National Physical Laboratory or the National Informatics Centre; and
  • Additional obligations for VPN and VPS service providers, including retention of subscriber records.

Subsequently, CERT-In issued FAQs[23] that clarified and relaxed some of these requirements.

from Grokipedia
The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency under the Ministry of Electronics and Information Technology, tasked with coordinating the response to cybersecurity incidents affecting Indian cyberspace. Operational since January 2004 and formalized under Section 70B of the Information Technology Act, 2000, CERT-In's core functions encompass collecting and analyzing information on cyber incidents, issuing advisories and alerts, providing incident response support, conducting vulnerability assessments, and fostering security awareness among stakeholders. It maintains a 24x7 incident response help desk and operates as the point of contact for international cybersecurity coordination, enabling rapid dissemination of threat information to mitigate risks such as website intrusions, malware propagation, and phishing campaigns. In one year alone, CERT-In processed 1,402,809 reported incidents, underscoring its pivotal role in handling high-volume cyber threats amid India's expanding digital ecosystem. While praised for bolstering national cyber defenses through empirical incident data and proactive guidelines, CERT-In's 2022 directions mandating six-hour incident reporting and five-year retention of subscriber records by intermediaries have drawn scrutiny for imposing compliance burdens on entities without commensurate safeguards.

History and Establishment

The Indian Computer Emergency Response Team (CERT-In) derives its legal foundation from Section 70B of the Information Technology Act, 2000 (IT Act), inserted by the 2008 amendment, which mandates the Central Government to appoint, by notification in the Official Gazette, an agency of the Government to serve as the national nodal agency for addressing cyber security incidents. This section outlines CERT-In's core functions, including incident coordination, early warning, and response guidelines, while granting it authority to collect information and issue directions to service providers and intermediaries. The IT Act itself was enacted by Parliament in 2000 and received assent on June 9, 2000, to provide legal recognition for electronic transactions and combat cyber threats, with most provisions coming into force on October 17, 2000. CERT-In was designated as India's nodal agency and became operational in January 2004, marking the inception of structured national cyber incident response capabilities; the 2008 amendment later gave that designation an explicit statutory basis. This establishment addressed the growing need for centralized coordination amid rising cyber vulnerabilities in India's expanding digital infrastructure, building on international models like US-CERT while adapting to domestic legal and technical contexts. Prior to 2004, cyber security efforts were fragmented, handled by various ministries without a unified response mechanism, underscoring the link between legislative empowerment and operational readiness. The agency's placement under the Ministry of Electronics and Information Technology (initially under the Ministry of Communications and Information Technology) ensured alignment with national IT policy objectives. Subsequent notifications, such as the October 27, 2009 gazette notification clarifying CERT-In's status and functions under Section 70B(4), reinforced its mandate but did not alter the 2004 inception. This legal structure emphasizes proactive threat mitigation over reactive measures, privileging empirical incident data for policy formulation.

Initial Operations and Evolution

CERT-In commenced operations in January 2004, shortly after its inauguration on 19 January 2004 by the Minister of Communications, Information Technology and Disinvestment. The facility, established under the Department of Information Technology (now the Ministry of Electronics and Information Technology), served as the nodal point for addressing incidents reported by the Indian cyber community, with an initial emphasis on real-time monitoring, threat forecasting, and coordinated emergency responses. Its core functions from inception included collecting and analyzing incident data, issuing security alerts to mitigate vulnerabilities, and providing guidance to affected entities such as government departments, service providers, and private organizations. Early activities prioritized building foundational cybersecurity capacity amid rising internet penetration and nascent threats like malware propagation and unauthorized access. CERT-In handled initial incidents through a structured response lifecycle of detection, containment, eradication, recovery, and post-incident review, often collaborating with domestic stakeholders to prevent escalation. Awareness initiatives, including advisories and training sessions, were launched to educate users on secure practices, while assessments targeted critical sectors. By 2004–2005, the agency had begun disseminating regular threat intelligence, marking a shift from reactive firefighting to proactive defence of India's expanding digital ecosystem. The evolution of CERT-In's operations accelerated with the Information Technology (Amendment) Act, 2008, which enshrined its status as the national agency under Section 70B, mandating functions like incident coordination and policy formulation. This legislative reinforcement enabled expanded capabilities, including mandatory reporting protocols for service providers and enhanced forensic analysis tools.
Incident volumes grew substantially, reflecting increased cyber activity; by the late 2000s, CERT-In was processing thousands of reports annually, evolving from ad-hoc responses to systematic threat hunting and international liaison with bodies like US-CERT. Subsequent milestones included integration with the 2013 National Cyber Security Policy, which broadened its remit to meet sophisticated attacks such as advanced persistent threats. Over this period, resource allocation shifted toward intelligence-driven operations, with annual reports documenting a transition to handling multifaceted incidents involving data breaches and network intrusions.

Organizational Structure and Governance

Leadership and Administrative Oversight

The Indian Computer Emergency Response Team (CERT-In) is led by a Director General, who heads the organization and oversees its operational and strategic activities, including incident response coordination and policy implementation. As of September 2025, Dr. Sanjay Bahl serves in this role, concurrently holding the position of Controller of Certifying Authorities. The Director General reports to the Ministry of Electronics and Information Technology (MeitY) and is empowered under Section 70B of the Information Technology Act, 2000, which designates CERT-In as the national nodal agency for cybersecurity threats. Administrative oversight of CERT-In resides with MeitY, which has exercised control over its functions and its alignment with national cybersecurity policies since the agency's formal designation in 2004. This structure ensures CERT-In's integration into broader government digital initiatives, though in July 2024 the Ministry of Home Affairs advocated for supervisory authority amid debates on coordinating internal security threats, with no subsequent transfer reported. Governance is supplemented by an Advisory Committee, which provides strategic guidance on emerging threats, policy formulation, and operational enhancements, drawing on expertise from government, academia, and the technology sector. Named members include Prof. N. Balakrishnan (Chairman, Division of Information Sciences), alongside heads of government IT agencies, reflecting a multi-stakeholder approach to oversight. The committee's composition supports CERT-In's mandate without altering MeitY's primary administrative control.

Internal Operations and Resource Allocation

CERT-In's internal operations are structured around a hierarchical framework led by a Director General, with core functions divided into specialized groups: the Assurance Group, responsible for vulnerability assessments and compliance; the CERT Operations Group, handling incident detection and response; the CERT Infrastructure Group, managing infrastructure and systems; and the Training Group, focused on training and skill development. These groups coordinate to process cybersecurity incidents, issue advisories, and conduct audits, with operational activities scaling to address over 1.5 million reported incidents in 2023. Resource allocation prioritizes incident response and resilience, as evidenced by the execution of nearly 9,700 cybersecurity audits across critical sectors in 2024–25. Budgetary provisions from the Ministry of Electronics and Information Technology support these efforts, with CERT-In receiving ₹255 crore in the 2025–26 budget estimates, a 5.8% increase from the ₹241 crore revised estimate for 2024–25, to enhance operational capabilities amid rising threats. Funds are directed toward maintaining 24/7 response mechanisms, technical tools, and personnel, though specific breakdowns by group remain undisclosed in public allocations. Manpower constraints have affected efficiency: in submissions to parliamentary panels in early 2025 the agency reported an urgent need for additional staff to manage escalating incident volumes. Recruitment drives, including calls for technical experts in October 2024, aim to bolster teams, but persistent shortages limit proactive resource deployment for forecasting and recovery operations. Despite these challenges, internal protocols emphasize coordinated group-level responses, leveraging centralized platforms for real-time intelligence sharing.

Core Functions and Responsibilities

Cyber Incident Response

The Indian Computer Emergency Response Team (CERT-In) serves as the national nodal agency for coordinating and responding to cybersecurity incidents across India's cyberspace, as designated under Section 70B of the Information Technology Act, 2000 (amended 2008). Its primary responsibilities include collecting, analyzing, and disseminating information on incidents; issuing emergency measures for containment and mitigation; and providing technical assistance to affected entities for recovery and prevention. CERT-In coordinates response activities among government, private sector, and international partners, ensuring a unified approach to incident handling that prioritizes rapid threat neutralization and dissemination of lessons learned. Incident response begins with mandatory reporting by service providers, intermediaries, data centres, and body corporates of specified cyber events, such as targeted scanning of critical networks, unauthorized access leading to data breaches, or denial-of-service attacks, within six hours of detection or awareness, as required by CERT-In's directions. Reports must include details such as the nature of the incident, the affected systems, the vulnerabilities exploited, and the steps taken, submitted via CERT-In's online portal. Upon receipt, CERT-In verifies the report, conducts forensic analysis where necessary, and issues advisories or directives under Section 70B to enforce protective actions, such as system isolation or patch deployment. This process aligns with the CSIRT expectations documented in RFC 2350, emphasizing structured handling to minimize damage and prevent recurrence. CERT-In provides specialized assistance to victims, including guidance on incident containment, eradication, and recovery, while maintaining a 24/7 operations centre for real-time monitoring and response. It also conducts post-incident reviews to extract actionable intelligence, sharing anonymized lessons through vulnerability notes and advisories to bolster collective resilience.
In ransomware cases, for instance, CERT-In advises on decryption feasibility, backup restoration, and attacker attribution without endorsing ransom payments, focusing instead on systemic hardening. Operational scale underscores CERT-In's impact: it recorded 1.3 million incidents in 2022 and 1.5 million in 2023, spanning categories such as phishing, malware propagation, and website intrusions, with coordinated responses aiding resolution across sectors. Drills such as "Cyber Shock-3" in 2023 simulated multi-sector attacks on banking and financial entities, testing response protocols and enhancing inter-agency collaboration. These efforts feed into a Cyber Crisis Management Plan that combines proactive forecasting with reactive handling to address evolving threats like state-sponsored intrusions.

Threat Forecasting and Intelligence

CERT-In conducts threat forecasting by continuously monitoring domestic and international cyber threat environments, enabling the prediction and early warning of potential incidents to stakeholders. This includes the proactive collection and analysis of threat data to generate forecasts, alerts, and indicators of compromise (IoCs) that inform defensive strategies. The agency maintains an automated cyber threat intelligence exchange platform designed for real-time gathering, processing, and distribution of customized alerts across sectors, facilitating rapid response to emerging risks. CERT-In's intelligence efforts emphasize forensic analysis of incidents to derive actionable insights, including evidence collection and trend identification that underpin forecasting models. Key outputs of these activities include regular security alerts, advisories, and vulnerability notes disseminated to raise awareness and preparedness. In 2023, CERT-In released 657 security alerts, 52 advisories, and 397 vulnerability notes, reflecting analyzed threats such as phishing and malware campaigns and network vulnerabilities. Incident data further supports forecasting: with 1.5 million cybersecurity incidents handled in 2023, up from 1.3 million in 2022, CERT-In categorizes threats to project patterns such as rising attack categories, aiding national prioritization of defenses.

Public Awareness and Capacity Building

CERT-In conducts public awareness campaigns to educate individuals and organizations on cybersecurity risks, emphasizing best practices for threat mitigation. These initiatives include the release of the Cyber Security Awareness Booklet during National Cyber Security Awareness Month (NCSAM) in October, targeting digital users ("Digital Nagriks") and enterprises with guidance on recognizing and countering threats such as phishing, vishing, malicious mobile apps, and online frauds. The 2023 edition, themed "Secure Our World", addressed vulnerabilities specific to groups such as senior citizens, children, women, and persons with disabilities, while promoting tools such as free bot removal software, eScan antivirus, and M-Kavach 2 for endpoint protection, alongside reporting mechanisms via CERT-In's portal or the national helpline 1930. Annually, CERT-In observes NCSAM to foster nationwide vigilance, with the 2025 edition under the theme "CyberJagritBharat" (Cyber Awake India) promoting proactive cyber hygiene and incident reporting to reduce fraud and attacks. These efforts extend to advisories on emerging threats, encouraging public adoption of secure practices, software updates, and avoidance of suspicious links or attachments, as detailed in CERT-In's vulnerability notes and public alerts. For capacity building, CERT-In collaborates with cybersecurity firms and product vendors to develop best practices, facilitate threat intelligence sharing, and enhance organizational response capabilities, including support for establishing sectoral Computer Security Incident Response Teams (CSIRTs). This includes training components aimed at building technical expertise among stakeholders, such as government and industry entities, to improve incident handling and resilience against cyber incidents, though specific program metrics remain limited in public disclosures.

Regulatory Guidelines and Directives

Incident Reporting Mandates

The Directions for Information Security Practices, Procedure and Response to Cyber Security Incidents in India, issued by CERT-In on 28 April 2022 under Section 70B of the Information Technology Act, 2000, establish mandatory reporting obligations for cyber incidents to enhance national cybersecurity coordination. These directions apply to a broad range of entities, including service providers, intermediaries, data centres, body corporates, and government organisations handling computer resources in India or providing services to Indian users. Compliance became enforceable 60 days after issuance, from 27 June 2022, with no subsequent revocation or major amendment as of October 2025. Entities must notify CERT-In of specified cyber security incidents within six hours of noticing the event or being informed of it, enabling rapid triage and response. The report must be submitted in the prescribed format available on the CERT-In website, detailing the incident's nature, affected systems, and initial impact assessment. Reporting channels include the online form at https://www.cert-in.org.in/portal/emergency-incident-response/reporting-form.do, email ([email protected]), toll-free phone (1800-11-4949), and fax (1800-11-6969). Failure to report promptly may result in penalties under the IT Act, though enforcement action remains at CERT-In's discretion. The directions enumerate 21 categories of reportable incidents, covering threats to data, systems, and services. In addition to reporting, entities are required to enable logging of their ICT systems and retain the logs securely for a rolling period of 180 days, furnishing them to CERT-In upon request to facilitate investigations. These mandates extend to data centres, VPS providers and VPN services, which must also share specified subscriber information with CERT-In on request for incidents involving Indian IP addresses or users.
CERT-In verifies report authenticity, conducts analysis, and may coordinate further response, underscoring the directions' focus on proactive threat intelligence over retrospective compliance.

Compliance Frameworks for Entities

The primary compliance framework for entities under CERT-In's mandate derives from the Directions issued on April 28, 2022, under Section 70B(6) of the Information Technology Act, 2000, which apply to service providers, intermediaries, data centres, body corporates, and government organizations. These require reporting of specified cybersecurity incidents, such as targeted scanning of critical networks, unauthorized access to IT systems, compromise of critical systems, theft of sensitive data, attacks on servers, network devices or critical information infrastructure, malicious code, and denial-of-service, among 22 categories, within six hours of becoming aware of or reasonably suspecting the incident. Entities must designate a Point of Contact for such reporting and enable comprehensive logging of ICT infrastructure, retaining logs securely for a rolling period of 180 days to support forensic analysis and regulatory enforcement. Additional retention obligations target specific intermediaries: data centres, Virtual Private Server (VPS) providers, cloud service providers, and VPN service providers must register and retain subscriber details, including KYC information, IP addresses, email addresses, and timestamps, for five years, while virtual asset service providers, exchanges, and custodian wallet providers must retain KYC and transaction records for a similar five-year period. All entities are directed to synchronize system clocks via the trusted Network Time Protocol (NTP) servers of the National Informatics Centre or the National Physical Laboratory and to report any identified vulnerabilities or exposures in ICT systems. Non-adherence is an offence under Section 70B(7) of the IT Act, punishable by imprisonment of up to one year, a fine of up to ₹1 lakh, or both, underscoring CERT-In's authority to direct measures for securing critical information infrastructure. CERT-In supplements these directives with advisory guidelines to facilitate proactive compliance, including the 2023 Guidelines on Information Security Practices for Government Entities, which prescribe controls for access management and incident response, including mandatory, regular vulnerability assessments.
For private and MSME entities, frameworks encompass the Guidelines for Secure Application Design, Development, Deployment, and Maintenance (emphasizing input validation, secure coding, and penetration testing) and the 2025 "15 Elemental Cyber Defense Controls" for MSMEs, outlining baseline measures such as asset inventory, access controls, backups, and employee training to mitigate common threats. The July 2025 Comprehensive Cyber Security Audit Policy Guidelines establish standardized audit methodologies, including risk assessments, control evaluations, and reporting protocols, enabling empanelled auditors to verify adherence, with implications for sectors handling sensitive or regulated data. These frameworks collectively aim to enforce minimum cybersecurity hygiene, though implementation challenges persist due to varying entity capacities and the directions' broad scope.
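The NTP-synchronisation clause of the April 2022 directions (listed under Guidelines above and restated in this section) is the one obligation an administrator can verify mechanically: the reason it exists is that incident logs from different hosts can only be correlated if their clocks agree. The script below is an added example written for this page, not CERT-In's code or any published tool. It builds an SNTP client request (RFC 4330), sanity-checks the server reply, and computes the local clock offset and round-trip delay so the host can be judged in or out of tolerance. The hostnames in ASSUMED_NTP_SERVERS, the one-second tolerance, and the constructed reply packet used by demo() are assumptions for illustration; the directions only say NIC or NPL servers must be used.

```python
"""SNTP (RFC 4330) clock-offset check for the NTP-synchronisation requirement.

Added example, not CERT-In's code. Hostnames and tolerance are assumptions."""
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2_208_988_800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
NTP_PORT = 123
# Assumed hostnames for illustration; confirm against the official NIC/NPL list.
ASSUMED_NTP_SERVERS = ("samay1.nic.in", "samay2.nic.in")
MAX_OFFSET_SECONDS = 1.0  # tolerance chosen for this example, not a CERT-In figure

def to_ntp_timestamp(unix_seconds: float) -> bytes:
    """Encode Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction).
    Era rollover in 2036 is ignored for brevity."""
    ntp_seconds = unix_seconds + NTP_EPOCH_OFFSET
    whole = int(ntp_seconds)
    fraction = int((ntp_seconds - whole) * (1 << 32))
    return struct.pack("!II", whole, fraction)

def from_ntp_timestamp(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    whole, fraction = struct.unpack("!II", raw)
    return whole - NTP_EPOCH_OFFSET + fraction / (1 << 32)

def build_request(t1: float) -> bytes:
    """48-byte client packet: LI=0, VN=4, Mode=3; only the Transmit Timestamp is set (t1)."""
    first_byte = (0 << 6) | (4 << 3) | 3  # 0x23
    return bytes([first_byte]) + bytes(39) + to_ntp_timestamp(t1)

def parse_response(packet: bytes) -> dict:
    """Sanity-check a server reply and extract the timestamps it carries."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, version, mode = packet[0] >> 6, (packet[0] >> 3) & 0x7, packet[0] & 0x7
    if mode != 4:
        raise ValueError(f"mode {mode} is not a server reply")
    if leap == 3:
        raise ValueError("server says its own clock is unsynchronized (LI=3)")
    stratum = packet[1]
    if stratum == 0 or stratum > 15:
        raise ValueError(f"stratum {stratum}: kiss-o'-death or unsynchronized source")
    return {
        "version": version,
        "stratum": stratum,
        "originate": packet[24:32],  # kept raw for a byte-exact match against our t1
        "receive": from_ntp_timestamp(packet[32:40]),  # t2: server received request
        "transmit": from_ntp_timestamp(packet[40:48]),  # t3: server sent reply
    }

def clock_offset(t1: float, t2: float, t3: float, t4: float) -> float:
    """RFC 4330 offset of the local clock from the server: ((t2 - t1) + (t3 - t4)) / 2."""
    return ((t2 - t1) + (t3 - t4)) / 2

def round_trip_delay(t1: float, t2: float, t3: float, t4: float) -> float:
    """RFC 4330 round-trip delay: (t4 - t1) - (t3 - t2)."""
    return (t4 - t1) - (t3 - t2)

def assess(packet: bytes, t1: float, t4: float, max_offset: float = MAX_OFFSET_SECONDS) -> dict:
    """Judge whether the local clock is within tolerance; t1/t4 are local send/receive times."""
    fields = parse_response(packet)
    if fields["originate"] != to_ntp_timestamp(t1):
        raise ValueError("originate timestamp mismatch: reply is not for our request")
    offset = clock_offset(t1, fields["receive"], fields["transmit"], t4)
    delay = round_trip_delay(t1, fields["receive"], fields["transmit"], t4)
    return {"stratum": fields["stratum"], "offset": offset, "delay": delay,
            "in_sync": abs(offset) <= max_offset}

def reply_is_usable(packet: bytes) -> bool:
    """True if the packet passes parse_response's checks (length, mode, LI, stratum)."""
    try:
        parse_response(packet)
        return True
    except ValueError:
        return False

def make_constructed_reply(t1: float, t2: float, t3: float,
                           stratum: int = 2, leap: int = 0) -> bytes:
    """Constructed server reply for offline use (not a real capture); originate echoes t1."""
    header = bytes([(leap << 6) | (4 << 3) | 4, stratum, 6, 0xEC])  # LI/VN/Mode=4, poll, precision
    header += struct.pack("!II", 0, 0)  # root delay, root dispersion (unused here)
    header += b"GPS\x00"  # reference identifier
    header += to_ntp_timestamp(t2 - 64)  # reference timestamp (server's last sync)
    return header + to_ntp_timestamp(t1) + to_ntp_timestamp(t2) + to_ntp_timestamp(t3)

def query_server(host: str, timeout: float = 2.0) -> dict:
    """Live check over UDP/123; needs network access and is not used by the offline demo."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (host, NTP_PORT))
        packet, _ = sock.recvfrom(48)
        t4 = time.time()
    return assess(packet, t1, t4)

def demo() -> dict:
    """Offline walk-through: our clock runs 90 s slow against a stratum-2 server."""
    t1 = 1_700_000_000.0  # constructed local send time
    reply = make_constructed_reply(t1, t1 + 90.010, t1 + 90.012)  # server clock 90 s ahead
    return assess(reply, t1, t4=t1 + 0.020)

if __name__ == "__main__":
    print(demo())  # offset ≈ 90.001 s, delay ≈ 0.018 s, in_sync False
```

demo() feeds a constructed reply for a host whose clock is 90 s behind the server; query_server(host) performs the same computation against a real server when network access is available. Rejecting replies with LI=3 or stratum 0 matters in this context: a host that trusts an unsynchronized upstream produces log timestamps that look valid but cannot be correlated across systems during an incident, which defeats the purpose of the clause.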

International Cooperation and Agreements

Bilateral and Multilateral Partnerships

CERT-In has established bilateral partnerships primarily through memoranda of understanding (MoUs) focused on threat intelligence sharing and incident response coordination. In January 2017, CERT-In signed an MoU with the United States Computer Emergency Readiness Team (US-CERT), enabling real-time exchange of cybersecurity information, collaborative vulnerability analysis, and mutual assistance in handling cross-border incidents. India also entered into a cybersecurity cooperation agreement with Brazil that includes provisions for CERT-level exchanges on cyber attack data, joint response mechanisms, and technology sharing relevant to emergency operations, though the exact signing date is unspecified in public records. These agreements emphasize operational interoperability but have been limited in number, reflecting CERT-In's selective approach to formal bilateral ties amid geopolitical considerations. On the multilateral front, CERT-In maintains active membership in key global and regional forums to facilitate standardized incident handling and threat dissemination. It has been a full member of the Forum of Incident Response and Security Teams (FIRST) since 2006, participating in a collaborative platform of over 600 teams worldwide that share indicators of compromise and coordinate responses to large-scale attacks. As an operational member of the Asia Pacific Computer Emergency Response Team (APCERT) since the same year, CERT-In engages in regional exercises and intelligence feeds tailored to threats prevalent in the region, such as state-sponsored intrusions. CERT-In's multilateral engagements extend to high-level diplomatic platforms; at one such forum it led a cybersecurity exercise and drill on January 31, 2023, involving over 400 participants from more than 12 countries to simulate cross-border incident response.
Through these forums, CERT-In contributes to and benefits from global norms on vulnerability disclosure and information sharing, though participation often prioritizes voluntary cooperation over binding commitments. Such collaborations enhance India's cyber resilience but depend on reciprocal trust, which can be strained by differing national priorities in attribution and enforcement.

Role in Global Cyber Diplomacy

CERT-In facilitates India's engagement in global cyber diplomacy by serving as the technical focal point for international information sharing on cyber threats and vulnerabilities, acting as a liaison with foreign CERTs and agencies to align incident response practices across borders. As a member of the Forum of Incident Response and Security Teams (FIRST), a global association of over 600 incident response teams, CERT-In participates in collaborative exercises and threat coordination that underpin diplomatic engagement. Similarly, its involvement in the Asia Pacific Computer Emergency Response Team (APCERT) network supports regional multilateral efforts to standardize responses to transnational attacks, contributing to broader diplomatic initiatives on cyber norms. Through bilateral agreements, such as the 2020 operational collaboration protocol with Spain's counterpart agency, CERT-In enables real-time exchange of incident data, best practices, and technical infrastructure support, which strengthens diplomatic ties and mutual legal assistance in cyber investigations. It also engages with networks such as the 24/7 international contact network for cybercrime, sharing intelligence to facilitate arrests and evidence preservation in cross-jurisdictional cases. In one reporting year, CERT-In contributed to planning and scenario development for three international exercises while participating as an active player in seven others, demonstrating its role in building operational interoperability that informs India's positions in multilateral forums. These activities extend to partnerships in which CERT-In aids in attributing state-sponsored threats, thereby supporting diplomatic attributions and sanctions discussions. CERT-In's technical inputs have indirectly advanced India's advocacy for inclusive cyber governance frameworks, such as those discussed in UN processes, by providing empirical data on incident trends that highlight the need for attributable, verifiable evidence, without endorsing unverified attribution claims from biased sources.
Annual reports emphasize ongoing expansion of these partnerships to address evolving cross-border threats, positioning CERT-In as a key enabler of India's standing in cyber diplomacy amid geopolitical tensions.

Achievements and Operational Impact

Key Metrics and Incident Resolutions

CERT-In has tracked and coordinated responses to a rapidly increasing volume of cybersecurity incidents, reflecting the growing threat landscape in India. In 2022, it handled 1,391,457 incidents, encompassing website intrusions, malware propagation, malicious code, and distributed denial-of-service attacks. This rose to 1,592,917 incidents in 2023 and further to 2,041,360 in 2024, with coordination involving mitigation of vulnerable services and targeted responses to high-impact threats such as viruses and malicious code, of which 161,757 incidents were addressed in 2022 alone. Key response outputs include the proactive issuance of vulnerability notes, security alerts, and advisories that enable rapid resolution across sectors. In 2023, CERT-In published 397 vulnerability notes detailing exploitable flaws, 657 security alerts on emerging threats, and 52 advisories providing mitigation guidance, contributing to the containment of incident categories such as the campaigns whose reports rose 53% year over year in 2022. These outputs support entity-level resolution by outlining patching, scanning, and recovery steps, with CERT-In's coordination facilitating takedowns of hostile sites and distribution networks.
Year   Incidents handled   Notable response outputs
2022   1,391,457           488 vulnerability notes; 653 alerts; 38 advisories; 19,793 defacements addressed
2023   1,592,917           397 vulnerability notes; 657 alerts; 52 advisories
2024   2,041,360           Enhanced analysis and sector-specific mitigations
Incident resolution emphasizes forensic analysis, stakeholder collaboration, and preventive hardening, though detailed closure rates remain limited in public reporting because of operational sensitivities. For instance, CERT-In's handling of DoS and related incidents in 2022 involved direct interventions that reduced propagation, as evidenced by tracked reductions in active exploits after alerts were issued. Overall, these metrics underscore CERT-In's role in scaling national response capacity amid escalating threats.

Contributions to National Cybersecurity Posture

The Indian Computer Emergency Response Team (CERT-In) has strengthened India's national cybersecurity posture by serving as the central nodal agency for incident coordination and response, handling roughly 1.4 million cybersecurity incidents in 2022 and 1.6 million in 2023; this work enabled timely mitigation and forensic analysis and led to the development of a Cyber Crisis Management Plan to guide large-scale incident handling. This response capability has enabled the aggregation of threat data from diverse sectors, improving predictive intelligence and reducing the propagation of attacks across sectors. In 2024, CERT-In processed over 2 million incidents, primarily website intrusions and malware propagation, contributing to enhanced visibility into evolving threats. CERT-In's issuance of cybersecurity guidelines and advisories has standardized protective measures nationwide, with over 1,750 advisories released in one year alone to address vulnerabilities in software, networks, and emerging technologies such as AI. These directives, enforced under Section 70B of the Information Technology Act, mandate compliance for service providers and critical entities, fostering proactive defenses that have mitigated risks in sectors such as power utilities. Additionally, the conduct of over 9,700 audits in a single fiscal year has identified systemic weaknesses, enforced regulatory adherence, and elevated the overall maturity of organizational security practices. Capacity-building initiatives, including 92 cybersecurity mock drills across sectors by mid-2024, have tested and bolstered institutional readiness against simulated attacks, revealing gaps in coordination and response times. Training programs have equipped thousands of professionals with skills in incident handling and forensics, while annual awareness campaigns such as National Cyber Security Awareness Month promote best practices among government, industry, and the public, indirectly fortifying the human element of national defenses.

These efforts collectively enhance resilience by integrating empirical threat data into policy, though rising incident volumes underscore the need for sustained investment in enforcement and technology adoption.

Controversies and Criticisms

2022 Directives and Privacy Debates

In April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directives under Section 70B(6) of the Information Technology Act, 2000, mandating that service providers, intermediaries, data centres, body corporates, and government organizations report cybersecurity incidents within six hours of detection or awareness. The directives expanded the scope of reportable incidents to include targeted scanning, unauthorized access, website defacement, and compromised systems used for attacks, and required detailed submissions through specified channels. Additionally, entities such as Virtual Private Network (VPN) providers, cloud service providers, and virtual server providers were required to maintain specified logs, including user names, email addresses, IP addresses, and timestamps, for at least 180 days, with certain records retained for five years, and to be able to identify users on request.

The directives sparked significant debate. Critics argued that the broad mandates conflicted with user expectations, particularly for privacy-focused tools such as VPNs, and lacked proportionality in the absence of a comprehensive data protection framework. Industry stakeholders, including VPN operators, contended that mandatory logging undermined core service functionality, potentially exposing users to risk without judicial oversight or clear breach thresholds, and could violate the constitutional right to privacy affirmed in the 2017 Justice K.S. Puttaswamy judgment. In response, several international VPN providers, among them ProtonVPN and Surfshark, either geoblocked Indian users or discontinued services entirely to avoid compliance, citing irreconcilability with the no-logs policies essential to user trust. Domestic challenges emerged as well, including a petition by hosting provider S.N. Hosting against the directives' retrospective application and overreach, highlighting the operational burden on small entities.

CERT-In addressed some concerns through Frequently Asked Questions released in May 2022, clarifying that logs could be stored outside India if readily producible to authorities and that the six-hour reporting window applied only to confirmed incidents, not mere alerts. Enforcement of the data retention provisions was deferred by three months to September 2022 to allow adaptation, though the core reporting obligations took effect in 2022. Proponents of the directives emphasized their necessity for rapid threat intelligence amid rising cyberattacks, such as ransomware incidents affecting Indian entities, arguing that enhanced traceability bolsters national cyber defence without inherently enabling mass surveillance. However, ongoing critiques from civil society organizations noted risks to innovation in privacy-enhancing technologies and potential chilling effects on digital freedoms, underscoring the tension between cybersecurity imperatives and individual privacy in India's evolving regulatory landscape.
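The two numeric requirements above, six hours to report and 180 days of log retention, are the ones an affected entity actually has to measure itself against. The following is an added example, not CERT-In's code and not part of the directives, that classifies a batch of incident records against the six-hour window and checks a log-retention policy against the 180-day minimum. The incident records, the log-source names and the retention figures are constructed for illustration, and the record fields and status labels are this example's own. It deliberately rejects timestamps that carry no UTC offset: a detection logged in IST compared against a report logged in UTC is the easiest way to misjudge a six-hour deadline by five and a half hours.

```python
from datetime import datetime, timedelta, timezone

REPORTING_WINDOW = timedelta(hours=6)   # six-hour reporting requirement (2022 directives)
MIN_LOG_RETENTION_DAYS = 180            # minimum log retention (2022 directives)

# Constructed incident records for illustration only (not real CERT-In submissions).
# Timestamps carry explicit UTC offsets; reported_at is None when nothing was filed.
SAMPLE_RECORDS = [
    {"id": "INC-001", "detected_at": "2024-03-04T09:15:00+05:30",
     "reported_at": "2024-03-04T13:40:00+05:30"},            # 4h25m: on time
    {"id": "INC-002", "detected_at": "2024-03-05T22:50:00+05:30",
     "reported_at": "2024-03-06T05:10:00+05:30"},            # 6h20m: late
    {"id": "INC-003", "detected_at": "2024-03-06T10:00:00+00:00",
     "reported_at": "2024-03-06T20:30:00+05:30"},            # 5h once both are in UTC
    {"id": "INC-004", "detected_at": "2024-03-07T08:00:00+05:30",
     "reported_at": None},                                   # never reported
]

# Constructed retention policy: log source -> configured retention in days.
SAMPLE_RETENTION_POLICY = {"vpn-session": 90, "auth": 365, "dns": 180}


def parse_ts(value):
    """Parse an ISO 8601 timestamp and normalise it to UTC.

    Naive timestamps are rejected: without an offset, a detection logged in IST
    and a report logged in UTC cannot be compared against the window at all.
    """
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {value}")
    return ts.astimezone(timezone.utc)


def assess_reports(records, as_of):
    """Classify each record against the reporting window.

    Returns {id: (status, hours_to_report)} where status is one of
    on_time, late, pending (unreported, deadline not yet reached) or
    overdue (unreported, deadline already passed as of `as_of`).
    """
    now = parse_ts(as_of)
    results = {}
    for rec in records:
        detected = parse_ts(rec["detected_at"])
        deadline = detected + REPORTING_WINDOW
        if rec["reported_at"] is None:
            results[rec["id"]] = ("overdue" if now > deadline else "pending", None)
            continue
        reported = parse_ts(rec["reported_at"])
        hours = round((reported - detected).total_seconds() / 3600, 2)
        results[rec["id"]] = ("on_time" if reported <= deadline else "late", hours)
    return results


def retention_shortfalls(policy, minimum_days=MIN_LOG_RETENTION_DAYS):
    """Return the log sources whose configured retention is below the minimum."""
    return sorted(src for src, days in policy.items() if days < minimum_days)


if __name__ == "__main__":
    report = assess_reports(SAMPLE_RECORDS, "2024-03-08T00:00:00+05:30")
    for inc_id, (status, hours) in report.items():
        print(f"{inc_id}: {status}" + (f" ({hours} h)" if hours is not None else ""))
    print("retention shortfalls:", retention_shortfalls(SAMPLE_RETENTION_POLICY))
```

INC-003 is the case worth noticing: read naively, 10:00 to 20:30 looks like a ten-and-a-half-hour delay, but the detection is stamped in UTC and the report in IST, so the true interval is five hours and the report is on time. Clock discipline, not arithmetic, is what makes a six-hour rule checkable.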

Inter-Ministerial Conflicts and Transparency Issues

In July 2024, the Ministry of Home Affairs (MHA) and the Ministry of Electronics and Information Technology (MeitY) engaged in a public dispute over administrative control of CERT-In, with MHA advocating its transfer to enhance capabilities in cybercrime investigations. MHA argued that integrating CERT-In with its Indian Cyber Crime Coordination Centre (I4C) would streamline threat intelligence sharing and response, given the increasing overlap between cybersecurity incidents and criminal probes, such as those involving state-sponsored attacks. MeitY, in contrast, maintained that CERT-In's mandate under Section 70B of the Information Technology Act, 2000 focuses on technical coordination, incident response, and national cybersecurity policy, extending beyond MHA's purview to include protective guidance and international partnerships. This jurisdictional friction exemplifies broader inter-ministerial coordination challenges in India's cybersecurity apparatus, where parallel entities, such as CERT-In under MeitY, the National Critical Information Infrastructure Protection Centre (NCIIPC) under the National Technical Research Organisation (NTRO), and I4C under MHA, operate with overlapping remits but insufficient unified oversight. Reports indicate that these silos have delayed responses to incidents, with MHA pushing for CERT-In's realignment to prioritize internal security threats amid rising cross-border cyber activity. The Prime Minister's Office has been drawn into deliberations to resolve the impasse, underscoring how such conflicts risk fragmenting national strategy at a time when CERT-In handled nearly 1.6 million cyber incidents in 2023 alone.

Transparency concerns compound these tensions, as CERT-In's operations lack independent external audits or detailed public disclosures on incident handling and data practices, despite the mandatory reporting imposed on others under its 2022 directives. Critics, including industry bodies, have highlighted opaque decision-making in CERT-In's enforcement, such as unannounced audits and limited justification for data retention periods of up to five years, which fuels perceptions of oversight gaps amid the ministerial tug-of-war. The absence of a centralized authority exacerbates this: there is no statutory mechanism for inter-ministerial coordination or mandatory annual transparency reporting on CERT-In's operations and metrics, potentially undermining stakeholder trust in its impartiality. As of late 2024, these issues persist without formal resolution, contributing to calls for legislative reforms to clarify CERT-In's reporting lines and enhance oversight.

Resource and Efficacy Challenges

CERT-In operates under notable resource constraints, including insufficient manpower for comprehensive incident response. The Ministry of Electronics and Information Technology (MeitY) informed a parliamentary panel in March 2025 that CERT-In faces challenges because of limited staff, particularly in conducting onsite activities to assist affected entities. This shortfall limits the agency's capacity for hands-on mitigation in high-impact cases, leaving it to rely on remote advisories and coordination. India's overall cybersecurity workforce gap amplifies these pressures: the country requires approximately one million skilled professionals but had only about 500,000 as of 2025, and around 40% of Indian cybersecurity teams, including those supporting national response efforts, are understaffed, compounded by retention difficulties and skill mismatches. Funding for CERT-In remains modest relative to the threat volume, with an allocation of ₹255 crore in the 2025-26 Union Budget, a slight increase from ₹238 crore in 2024-25. This budget supports operations amid escalating demands but has drawn implicit scrutiny for not scaling in proportion to incident surges. Efficacy is strained by these constraints: CERT-In handled 1,592,917 incidents in 2023, roughly four times the 394,499 recorded in an earlier year, primarily through coordination and reporting rather than exhaustive analysis of every case. Manpower limitations hinder proactive onsite intervention, potentially delaying containment of sophisticated attacks and reducing overall resilience against persistent threats and malware propagation. Additionally, discrepancies between CERT-In's incident reporting and sector-specific figures, such as in healthcare, suggest gaps in verification and granularity that undermine coordinated response.

Recent Developments

2023-2025 Threat Responses

In 2023, CERT-In recorded approximately 1.6 million cybersecurity incidents, up from roughly 1.4 million in 2022, prompting enhanced coordination of incident response activities and the formulation of a Cyber Crisis Management Plan to counter cyber attacks across entities. In November 2023 the agency issued advisories to ministries outlining measures for strengthening cybersecurity, including vulnerability assessments and incident reporting protocols. These efforts addressed a surge in threats such as advanced persistent threats (APTs), with CERT-In providing technical assistance to affected organizations for recovery.

During 2024, CERT-In responded to escalating incidents by publishing a comprehensive Ransomware Report analysing trends, exploited vulnerabilities, and attack vectors observed throughout the year, emphasizing the need for offline backups and rapid isolation of infected systems. The agency participated in the APCERT Cyber Drill on August 29, 2024, focused on responses to APT group attacks, simulating detection and containment strategies to bolster national preparedness. Amid 22.68 reported incidents nationwide, doubling from 10.29 in 2022, CERT-In coordinated with sector-specific entities, issuing vulnerability notes on critical software flaws to preempt exploitation in infrastructure such as financial and healthcare systems.

In 2025, CERT-In intensified responses to emerging hybrid threats, joining the APCERT Cyber Drill themed "When Ransomware Meets Generative AI," which tested defences against AI-augmented extortion tactics. The agency released multiple advisories on high-severity vulnerabilities, including CIAD-2025-0039 on October 22 and CIAD-2025-0038 on October 18, urging immediate patching to mitigate remote code execution risks. In March, CERT-In advised against unmitigated use of AI models because of inherent vulnerabilities such as prompt injection and data poisoning, recommending secure deployment practices. By mid-2025, cumulative incidents since 2021 exceeded 2.2 million, and a June advisory to industries facing DDoS attacks and data breaches called for enhanced logging and access controls. These measures aligned with a recorded 369.01 million detections in 2024, averaging 702 per minute, underscoring CERT-In's role in proactive threat intelligence dissemination.

Policy and Guideline Updates

In July 2025, CERT-In issued the Comprehensive Cyber Security Audit Policy Guidelines under the Information Technology Act, 2000, mandating standardized annual cybersecurity audits for government entities, sector organizations, and CERT-In-empanelled auditors. These guidelines expand audit scope to encompass operational technology (OT), application programming interfaces (APIs), supply chains, and cloud environments, with requirements for leadership accountability, centralized log retention for at least 180 days, and reporting of incidents within six hours of detection. The policy aims to enhance national cyber resilience by enforcing structured processes, including assessments and compliance verification, applicable to public and private organizations handling sensitive data.

On September 1, 2025, CERT-In released Security Guidelines CISG-2025-03, outlining 15 elemental cyber defence controls tailored for micro, small, and medium enterprises (MSMEs). These controls emphasize basic measures such as access management, patch deployment, and incident response planning, with a focus on cost-effective implementation to address the high exposure of smaller entities, which accounted for over 20% of national incidents in prior years. The guidelines integrate with existing directives, requiring MSMEs to meet the six-hour breach reporting timeline established by the 2022 directives.

CERT-In also updated its technical guidelines on Bills of Materials (BOM) in July 2025 (version 2.0), covering Software BOM (SBOM), Quality BOM (QBOM), Component BOM (CBOM), AI BOM (AIBOM), and Hardware BOM (HBOM) for transparency in critical systems. These directives mandate documentation of components to mitigate risks from third-party vulnerabilities, building on 2024 releases and applying to sectors such as defence. Sector-specific updates include the February 2025 Cyber Security Guidelines for Infrastructure, which require secure deployment of IoT devices, regular firmware updates, and integration with national incident reporting frameworks. In April 2025, CERT-In published good practices for Unmanned Aircraft Systems (UAS), stressing hardware BOM adherence, safeguards for telemetry links, and geo-fencing controls to counter aerial cyber threats. These guidelines reflect CERT-In's shift toward proactive, technology-specific policies amid rising incidents, with over 1.5 million reported in 2023 alone.
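The operational value of the BOM guidelines above is that a documented component inventory can be matched against published vulnerability notes the moment they appear. The following is an added example, not CERT-In's code and not an artefact of its guidelines, showing that match for a software BOM: it loads a minimal SBOM, compares each component's installed version against the first fixed version named in an advisory feed, and reports every exposed component together with the dependency path that pulls it in, so the owner knows which top-level package to upgrade. The SBOM is written in a CycloneDX-like JSON shape, which is this example's assumption rather than a format the guidelines prescribe; the component names, versions, advisory identifiers and severities are all constructed.

```python
import json

# Constructed SBOM in a CycloneDX-like shape (assumption: the BOM guidelines on
# this page do not mandate this schema; component names and versions are made up).
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "citizen-portal", "version": "3.2.0"}},
    "components": [
        {"bom-ref": "pkg:web-fw", "name": "web-framework", "version": "2.3.9"},
        {"bom-ref": "pkg:json-lib", "name": "json-lib", "version": "1.8.2"},
        {"bom-ref": "pkg:tls-lib", "name": "tls-lib", "version": "3.0.7"},
        {"bom-ref": "pkg:log-lib", "name": "log-lib", "version": "2.17.1"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:web-fw", "pkg:tls-lib"]},
        {"ref": "pkg:web-fw", "dependsOn": ["pkg:json-lib", "pkg:log-lib"]},
    ],
})

# Constructed advisory feed, loosely modelled on a vulnerability note: each entry
# names a component and the first version that carries the fix. IDs are invented.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "component": "json-lib", "fixed_in": "1.9.0", "severity": "high"},
    {"id": "ADV-EXAMPLE-002", "component": "tls-lib", "fixed_in": "3.0.5", "severity": "critical"},
    {"id": "ADV-EXAMPLE-003", "component": "log-lib", "fixed_in": "2.17.2", "severity": "critical"},
]

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(version):
    """Sortable key for dotted versions: '2.17.1' < '2.17.2' and '1.9.9' < '1.10.0'.

    Each part becomes (number, 1 if plain release else 0, suffix), so a pre-release
    suffix such as in '1.0-rc1' sorts below the plain '1.0' release.
    """
    key = []
    for part in version.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        suffix = part[len(digits):]
        key.append((int(digits) if digits else -1, 0 if suffix else 1, suffix))
    return tuple(key)


def is_vulnerable(installed, fixed_in):
    """True when the installed version predates the first fixed version."""
    return version_key(installed) < version_key(fixed_in)


def dependency_paths(sbom, target_ref):
    """All paths from the root component to target_ref, as lists of bom-refs."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths = []

    def walk(node, path):
        if node == target_ref:
            paths.append(path + [node])
            return
        for child in graph.get(node, []):
            if child not in path:          # guard against cycles in a malformed BOM
                walk(child, path + [node])

    walk(root, [])
    return paths


def find_exposures(sbom_json, advisories):
    """Match advisories against the SBOM; return findings, most severe first."""
    sbom = json.loads(sbom_json)
    by_name = {c["name"]: c for c in sbom["components"]}
    findings = []
    for adv in advisories:
        comp = by_name.get(adv["component"])
        if comp is None or not is_vulnerable(comp["version"], adv["fixed_in"]):
            continue
        findings.append({
            "advisory": adv["id"],
            "severity": adv["severity"],
            "component": comp["name"],
            "installed": comp["version"],
            "fixed_in": adv["fixed_in"],
            "paths": [" -> ".join(p) for p in dependency_paths(sbom, comp["bom-ref"])],
        })
    findings.sort(key=lambda f: SEVERITY_ORDER.get(f["severity"], 9))
    return findings


if __name__ == "__main__":
    for f in find_exposures(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES):
        print(f"{f['severity'].upper():<8} {f['advisory']}: {f['component']} {f['installed']} "
              f"(fixed in {f['fixed_in']}) via {'; '.join(f['paths'])}")
```

Two details matter in practice. Versions are compared numerically per segment, because a string comparison would rank 1.9.9 above 1.10.0 and silently mark a vulnerable build as patched. And the dependency graph is walked rather than just the flat component list, because in the constructed SBOM the exposed libraries are transitive dependencies of web-framework; the fix is an upgrade of that package, which is only visible when the path is reported.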
