{"id":7936,"date":"2023-09-28T18:13:18","date_gmt":"2023-09-28T12:43:18","guid":{"rendered":"https:\/\/www.tikaj.com\/?page_id=7936"},"modified":"2024-03-15T14:36:21","modified_gmt":"2024-03-15T09:06:21","slug":"reserve-bank-of-india-rbi-cyber-security-framework","status":"publish","type":"page","link":"https:\/\/www.tikaj.com\/reserve-bank-of-india-rbi-cyber-security-framework\/","title":{"rendered":"RBI Cyber Security Framework for UCBs"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

\n RBI Cyber Security Framework for Urban <\/span>\n\t\t\t\t\t\t\t\t\t <\/span>Cooperative Banks (UCBs)<\/span><\/svg><\/span><\/span> <\/span><\/span> <\/h1>\n \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Baselining Requirements of the RBI Cyber Security Framework for Cyber Risk Management<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Reserve Bank of India (RBI) has developed a Cyber Security Framework, outlined in circulars DCBS.CO.PCB.Cir.No.1\/18.01.000\/2018-19 and DoS.CO\/CSITE\/BC.4083\/31.01.052\/2019-20, to ensure the security and confidentiality of banking operations in the digital age.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Download RBI Cyber Security Framework Checklist<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

We have curated the complete checklist to help you achieve this compliance.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tDownload for free<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"RBI\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What is RBI Cyber Security <\/span>Framework Compliance?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The RBI’s Cyber Security Framework<\/a><\/span>, issued in December 2019, establishes a graded approach for UCBs (non-scheduled and scheduled commercial banks) and other regulated entities of the financial sector to enhance their baseline cyber security and resilience.\u00a0<\/p>

It categorizes UCBs into four levels (I-IV) based on factors like digital adoption, payment system integration, cyber risk assessment and third-party risks. This facilitates the implementation of security measures tailored to the specific needs and risk profiles of each UCB.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

\n Comprehensive RBI Cyber Security Framework<\/span>\n\t\t\t\t\t\t\t\t\t <\/span><\/br> Compliance Levels<\/span><\/svg><\/span><\/span> <\/span><\/span> <\/h2>\n \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\t\t\t
<\/div>\r\n\t\t<\/div>\r\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\"Level\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t

\r\n\t\t\t\t\r\n\t\t\t\t\tLevel I <\/br> Compliance\t\t\t\t<\/span>\r\n\t\t\t<\/h4>\r\n\t\t\r\n\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t\t
<\/div>\r\n\t\t\t\t\t\t<\/div>\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

Initiate your journey towards enhanced cyber security with Level I controls as outlined in Annex I, a comprehensive checklist to kickstart your compliance process. These foundational measures include a bank-specific email domain with DMARC controls and two-factor authentication for Core Banking Solutions (CBS).<\/span><\/p>\t\t\t\t\t<\/div>\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t\t\r\n\t\t\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\"Level\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t

\r\n\t\t\t\t\r\n\t\t\t\t\tLevel II <\/br>Compliance\t\t\t\t<\/span>\r\n\t\t\t<\/h4>\r\n\t\t\r\n\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t\t
<\/div>\r\n\t\t\t\t\t\t<\/div>\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

Ascend to an advanced security plane by embracing Level II controls. If your UCB is a sub-member of Centralised Payment Systems and offers internet or mobile banking, achieving Level II compliance is indispensable. The additional controls encapsulate Data Loss Prevention Strategy, Anti-Phishing, and a thorough Vulnerability Assessment and Penetration Testing (VA\/PT) of critical applications.<\/span><\/p>\t\t\t\t\t<\/div>\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t\t\r\n\t\t\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\"Level\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t

\r\n\t\t\t\t\r\n\t\t\t\t\tLevel III & Level IV Compliance\t\t\t\t<\/span>\r\n\t\t\t<\/h4>\r\n\t\t\r\n\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t\t
<\/div>\r\n\t\t\t\t\t\t<\/div>\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

Propel your security framework to the pinnacle by aligning with Level III and Level IV controls if your UCB hosts its own ATM switch, has a SWIFT interface or is involved in hosting data centers. These levels infuse advanced real-time threat defense, risk-based transaction monitoring, and a structured Cyber Security Operation Center (C-SOC), orchestrating a herculean shield against cyber threats.<\/span><\/p>\t\t\t\t\t<\/div>\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t\t\r\n\t\t\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Need to know your bank's level according to RBI Guidelines on Cyber Security?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

We’ve got you covered. Our comprehensive toolkit helps you determine your bank’s standing in terms of baseline cybersecurity and resilience, as outlined by the RBI guidelines. It includes a tool to check your level and a cybersecurity compliance checklist to ensure you’re implementing the necessary measures according to your level.

We want to make sure you don’t have any trouble addressing cyber threats and achieving regulatory compliance.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tDownload free toolkit here<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
guide<\/h6>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Building a Robust Cybersecurity Posture: A Step-by-Step Guide for UCBs<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Following the exploration of the framework’s key aspects, this section provides actionable steps for Indian banks, especially UCBs, to implement the framework effectively.<\/p>

\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t<\/i>\r\n\r\n\t\t\t\t\t\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\t\t\t\t\t01.\t\t\t\t<\/span>\r\n\t\t\t<\/h5>\r\n\t\t\r\n\r\n\t\t\t\t\t
\r\n\t\t\t\tConduct a Cybersecurity Risk Assessment\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

The first step involves conducting a comprehensive security assessment to identify vulnerabilities in the UCB’s systems, networks, and processes. This assessment should consider internal threats, external threats, and the specific risk profile associated with the UCB’s digital footprint.<\/p>\t\t\t\t\t<\/div>\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t\t\r\n\t\t\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t<\/i>\r\n\r\n\t\t\t\t\t\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\t\t\t\t\t02.\t\t\t\t<\/span>\r\n\t\t\t<\/h5>\r\n\t\t\r\n\r\n\t\t\t\t\t
\r\n\t\t\t\tCybersecurity Policy and Dedicated Cybersecurity Function\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

Based on the risk assessment findings, UCBs need to develop a comprehensive cybersecurity policy<\/b> or information security policy. It can also be expanded into a set of multiple cyber security policies addressing specific areas like password management and mobile device security. This comprehensive policy framework ensures alignment with business and regulatory requirements.<\/p>

To handle third-party risks<\/b>, security policy compliance agreements can be established with third-party vendors handling sensitive data. Additionally, a\u00a0cybersecurity strategy should be formulated, outlining the roadmap for achieving the desired cybersecurity posture.<\/p>

The framework’s implementation relies heavily on a dedicated cybersecurity function. This function, led by a qualified Chief Information Security Officer (CISO)<\/b> reporting directly to senior management, can be an internal team or outsourced to a managed security service provider (MSSP).\u00a0<\/p>\t\t\t\t\t<\/div>\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t\t\r\n\t\t\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\r\n\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t<\/i>\r\n\r\n\t\t\t\t\t\t\t\t\t<\/span>\r\n\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t
\r\n\t\t\t\t\r\n\t\t\t\t\t03.\t\t\t\t<\/span>\r\n\t\t\t<\/h5>\r\n\t\t\r\n\r\n\t\t\t\t\t
\r\n\t\t\t\tImplementation\t\t\t<\/div>\r\n\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t
\r\n\t\t\t\t\t\t

The RBI’s cybersecurity framework outlines cyber security controls for primary (UCBs under Level I and II) and secondary (UCBs under Level III and IV) categories. These controls encompass various aspects of cybersecurity, including:<\/p>