.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Meet the Securities and Exchange Board of India’s Cyber Security and Cyber Resilience Framework.The Securities and Exchange Board of India (SEBI) Cyber Security and Cyber Resilience Framework (CSCRF) sets cybersecurity requirements for SEBI-regulated entities such as stock exchanges, depositories, brokers, and mutual funds. It consolidates security, governance, and resilience requirements across the Indian securities market.
The CSCRF applies to a wide range of SEBI-regulated entities, with requirements scaled by entity size and type.
Who needs SEBI CSCRF?
Market infrastructure institutions
Stock exchanges, clearing corporations, and depositories.
Intermediaries
Brokers, mutual funds, and other SEBI-regulated intermediaries.
Key components
Governance
Board-level cybersecurity oversight and accountability.
Protective controls
Identity management, network security, and data protection.
Detection & response
Monitoring, incident detection, and response capabilities.
Cyber resilience
Business continuity and recovery for critical market functions.
How DSALTA helps with SEBI CSCRF
Activate SEBI CSCRF
Select the SEBI CSCRF from the Frameworks page. DSALTA maps its requirements to controls.
Frequently asked questions
Who must comply with the CSCRF?
Who must comply with the CSCRF?
SEBI-regulated entities including exchanges, depositories, brokers, and mutual funds, with requirements scaled by entity category.
Is the framework graded by entity size?
Is the framework graded by entity size?
Yes. The CSCRF classifies entities (for example by size and activity) and applies proportionate requirements to each category.