CERT-In Cybersecurity Guidelines (India)
Understanding mandatory cybersecurity incident reporting, compliance requirements,
and security controls as mandated by the Indian Computer Emergency Response Team (CERT-In).
About CERT-In
The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency
for responding to cybersecurity incidents, issuing alerts, advisories and vulnerability notes,
and coordinating cyber incident response across India.
CERT-In operates under the Ministry of Electronics and Information Technology (MeitY)
and is designated under Section 70B of the Information Technology Act, 2000, which also
empowers it to issue binding directions to service providers, intermediaries, data centres,
body corporates and government organisations.
Why CERT-In Guidelines Are Mandatory
- Protect national security and critical infrastructure
- Enable early detection and coordinated cyber response
- Prevent large-scale data breaches and systemic cyber risks
- Ensure accountability of organizations handling digital assets
- Strengthen India’s cyber resilience posture
These guidelines bind service providers, intermediaries, data centres, body corporates and government organisations.
In practice that covers government departments, enterprises, data centers, cloud and VPS providers,
telecom providers, financial institutions, healthcare, energy, and digital service providers operating in India.
Mandatory Cyber Incident Reporting Timeline
As per the CERT-In directions of April 2022, issued under Section 70B(6) of the IT Act:
⏱️ Covered cyber incidents must be reported to CERT-In within 6 HOURS of noticing the incident or being brought to notice of it.
The clock starts at the moment of noticing, not at the moment the incident occurred and not when the investigation is complete;
an initial report with the known facts is expected within the window, and further details can follow.
Reports are submitted through the CERT-In incident reporting form or by email to incident@cert-in.org.in.
Failure to comply with the directions is punishable under Section 70B(7) of the IT Act and may also attract scrutiny from sectoral regulators.
Cyber Incidents That Must Be Reported
- Data breaches and data leakage incidents
- Ransomware, malware, and botnet attacks
- Website defacement
- Unauthorized access or privilege escalation
- Denial-of-Service (DoS / DDoS) attacks
- Cloud security breaches
- Supply chain compromises
- Attacks on critical systems or infrastructure
Mandatory Artifacts to Be Submitted to CERT-In
The following details and artifacts must be preserved and shared. Preserve originals before touching affected systems;
a copy made after containment or rebuild is of limited forensic value:
- Incident description and impact summary
- Date and time of detection, with timestamps taken from clocks synchronised to an NTP source (the directions require this) so that they can be correlated with other parties' logs
- System IP addresses and hostnames
- Network logs, firewall logs, proxy logs
- Server and application logs
- Indicators of Compromise (IOCs)
- Malware samples (if available)
- Root cause analysis (RCA)
- Remediation and containment actions taken
- Contact details of incident response team
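The artifact list above says what to preserve but not how to keep it trustworthy or how to track the reporting window. The script below is an added illustration, not CERT-In's own tooling or reporting form: it packages an evidence directory into a manifest with a SHA-256 per file, records when the incident was noticed and the resulting 6-hour deadline in IST, and lets you re-verify the package later. The manifest field names, the directory layout and the sample log lines are this example's own assumptions; only the 6-hour window and the artifact categories come from the page.

```python
"""Evidence package builder for a CERT-In incident report (added example).

Not CERT-In's own tool or form. Manifest layout and field names are this
example's assumptions; the 6-hour window comes from the CERT-In directions.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

IST = timezone(timedelta(hours=5, minutes=30))
REPORTING_WINDOW = timedelta(hours=6)


def reporting_deadline(noticed_at: datetime) -> datetime:
    """Latest filing time, in IST. The window runs from noticing, not occurrence.

    A naive datetime is rejected so UTC SIEM alert times and local wall-clock
    times cannot be mixed by accident.
    """
    if noticed_at.tzinfo is None:
        raise ValueError("noticed_at must be timezone-aware")
    return (noticed_at + REPORTING_WINDOW).astimezone(IST)


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large pcaps and log archives work too."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path, noticed_at: datetime, summary: dict) -> dict:
    """Hash every artifact under evidence_dir and record it with the incident summary."""
    artifacts = []
    for p in sorted(evidence_dir.rglob("*")):
        if p.is_file():
            artifacts.append({
                "path": str(p.relative_to(evidence_dir)),
                "sha256": sha256_file(p),
                "size_bytes": p.stat().st_size,
            })
    return {
        "incident": summary,
        "noticed_at": noticed_at.astimezone(IST).isoformat(),
        "report_due_by": reporting_deadline(noticed_at).isoformat(),
        "artifacts": artifacts,
    }


def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return artifact paths whose current hash no longer matches (empty list = intact)."""
    tampered = []
    for a in manifest["artifacts"]:
        p = evidence_dir / a["path"]
        if not p.is_file() or sha256_file(p) != a["sha256"]:
            tampered.append(a["path"])
    return tampered


def demo(workdir: Path) -> dict:
    """Constructed sample: two small artifacts written under workdir, then packaged."""
    ev = workdir / "evidence"
    (ev / "logs").mkdir(parents=True, exist_ok=True)
    # Constructed sample log lines and IOCs, not real data (TEST-NET-3 addresses).
    (ev / "logs" / "firewall.log").write_text(
        "2024-03-10T14:02:11+05:30 DENY 203.0.113.7 -> 10.0.0.5:445\n"
        "2024-03-10T14:02:12+05:30 DENY 203.0.113.7 -> 10.0.0.6:445\n"
    )
    (ev / "iocs.txt").write_text("203.0.113.7\nevil.example\n")
    noticed = datetime(2024, 3, 10, 8, 47, tzinfo=timezone.utc)  # SIEM alert time, in UTC
    manifest = build_manifest(ev, noticed, {
        "description": "Suspected SMB scanning from external host",
        "impact": "No confirmed compromise; investigation ongoing",
        "contact": "soc@example.invalid",  # placeholder, not a real mailbox
    })
    (workdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def run_demo() -> dict:
    """Run the sample in a temp dir, then tamper with a log and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        workdir = Path(d)
        manifest = demo(workdir)
        ev = workdir / "evidence"
        intact = verify_manifest(ev, manifest)
        # Simulate someone editing a log after the package was sealed.
        (ev / "logs" / "firewall.log").write_text("edited\n")
        tampered = verify_manifest(ev, manifest)
        return {"manifest": manifest, "intact": intact, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest itself should be stored and hashed separately (for example, alongside a ticket entry or signed by the IR lead) so that the hashes cannot be rewritten together with the evidence; the deadline field is computed from the time the alert was noticed, converted to IST, which is the timezone CERT-In expects in reports.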
Cybersecurity Tool Mapping for CERT-In Compliance
| CERT-In Requirement | Security Function | Purpose |
|---|---|---|
| Incident Detection | SIEM / SOC | Real-time monitoring, alerting, and correlation |
| Threat Identification | IDS / IPS / NDR | Detect malicious activity and network anomalies |
| Endpoint Protection | EDR / XDR | Detect malware, ransomware, lateral movement |
| Log Retention | Centralized Log Management | Preserve ICT system logs for the rolling 180 days the directions require, stored within Indian jurisdiction, for investigation and compliance |
| Incident Response | SOAR / IR Playbooks | Automate containment and response actions |
| Email Threats | Email Security | Prevent phishing and email-borne malware |
| Cloud Incidents | CSPM / CWPP | Detect misconfigurations and cloud breaches |
| Evidence Preservation | Forensics & Backup | Ensure integrity of incident artifacts |