Previous 2 / 8 Next

And whereas, as per provisions of sub-section (6) of section 70B of the IT Act, 2000, CERT-In is empowered and competent to call for information and give directions to the service providers, intermediaries, data centres, body corporate and any other person for carrying out the activities enshrined in sub-section (4) of section 70B of the IT Act, 2000. And whereas, various instances of cyber incidents and cyber security incidents have been and continue to be reported from time to time and in order to coordinate response activities as well as emergency measures with respect to cyber security incidents, the requisite information is either sometime not found available or readily not available with service providers/data centres/body corporate and the said primary information is essential to carry out the analysis, investigation and coordination as per the process of law. And whereas, it is considered expedient in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence using computer resource or for handling of any cyber incident, that following directions are issued to augment and strengthen the cyber security in the country: (i) All service providers, intermediaries, data centres, body corporate and Government organisations shall connect to the Network Time Protocol (NTP) Server of National Informatics Centre (NIC) or National Physical Laboratory (NPL) or with NTP servers traceable to these NTP servers, for synchronisation of all their ICT systems clocks. Entities having ICT infrastructure spanning multiple geographies may also use accurate and standard time source other than NPL and NIC, however it is to be ensured that their time source shall not deviate from NPL and NIC. (ii) Any service provider, intermediary, data centre, body corporate and Government organisation shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents. The incidents can be reported to CERT-In via email (incident@cert-in.org.in), Phone (180011-4949) and Fax (1800-11-6969). The details regarding methods and formats of reporting cyber security incidents is also published on the website of CERT-In www.cert-in.org.in and will be updated from time to time. Page 2 of 8

Select target paragraph3

● ● ●

No. 20(3)/2022 CERT-In

Document

State

India

Type of Document (for States): Policy Implementation Frameworks and Action Plans

Topics

Critical Infrastructure
Cyber Crime
Economy and Finance
Human & Digital Rights
Incident and Emergency Response
National Cyber Defense

United Nations Regional Group

Asia-Pacific States

Summary

Guidance relating to information security practices, procedure, prevention, response, and reporting of cyber incidents for Safe & Trusted Internet.
The guidance requires service providers, intermediary, data centre, body corporate, and Government organizations to report cyber incidents to India’s Computer Emergency Response Team (“CERT-In”) within six hours of noticing such incidents or being notified about such incidents.

Source Link 1: https://privacyblogfullservice.huntonwilliamsblogs.com/wp-content/uploads/sites/28/2022/05/CERT-In_Directions_70B_28.04.2022-2.pdf

Year Published: 2022

Date Published: Apr 28, 2022

Document Language(s)

English

Preview

Map

Latitude: 20.593684

Longitude: 78.96288

Map (linked Document): India

Primary Documents

2022_India_en_No. 20(3).2022 CERT-In.pdf
english
Download View