Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Error’d: Pickup Sticklers

      September 27, 2025

      From Prompt To Partner: Designing Your Custom AI Assistant

      September 27, 2025

      Microsoft unveils reimagined Marketplace for cloud solutions, AI apps, and more

      September 27, 2025

      Design Dialects: Breaking the Rules, Not the System

      September 27, 2025

      Building personal apps with open source and AI

      September 12, 2025

      What Can We Actually Do With corner-shape?

      September 12, 2025

      Craft, Clarity, and Care: The Story and Work of Mengchu Yao

      September 12, 2025

      Cailabs secures €57M to accelerate growth and industrial scale-up

      September 12, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Using phpinfo() to Debug Common and Not-so-Common PHP Errors and Warnings

      September 28, 2025
      Recent

      Using phpinfo() to Debug Common and Not-so-Common PHP Errors and Warnings

      September 28, 2025

      Mastering PHP File Uploads: A Guide to php.ini Settings and Code Examples

      September 28, 2025

      The first browser with JavaScript landed 30 years ago

      September 27, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured
      Recent
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»SEBI Clarifies Scope of CSCRF, Recognizes RBI Oversight

    SEBI Clarifies Scope of CSCRF, Recognizes RBI Oversight

    August 30, 2025

    CSCRF

    The Securities and Exchange Board of India (SEBI) issued a clarification on Thursday regarding the scope and applicability of its Cybersecurity and Cyber Resilience Framework (CSCRF). According to the markets regulator, the framework applies strictly to systems used exclusively for SEBI-regulated activities, alleviating concerns around overlapping responsibilities with other regulatory bodies. 

    SEBI emphasized that shared infrastructure, if not already overseen by the Reserve Bank of India (RBI) or another competent authority, will still fall under the CSCRF audit requirements. This ensures a consistent cybersecurity standard across all system types, especially as institutions increasingly rely on common digital platforms. 

    Importantly, SEBI acknowledged that regulated entities (REs) already complying with cybersecurity norms issued by the RBI or any equivalent regulator will not need to duplicate efforts. Such existing compliance will be accepted under SEBI’s framework, reducing operational burdens on dual-regulated entities, as reported by The Economic Times.

    Critical Systems, Zero Trust, and Disaster Recovery Guidelines

    The CSCRF circular expanded on what constitutes a “critical system,” identifying it as any system that affects core operations, stores or transmits regulatory data, hosts client-facing or internet-facing applications, or resides on the same network as such systems. To strengthen resilience, SEBI urged REs to implement zero-trust principles, like network segmentation, high availability, and eliminating single points of failure, with oversight from their IT Committees. 

    In terms of mobile applications, the framework’s guidelines are considered recommendatory rather than mandatory. Meanwhile, for cyber crises, REs must act based on their internal Cyber Crisis Management Plan, avoiding the issuance of press releases during such events. 

    While tools such as threat simulations, vulnerability assessments, and decoy systems are encouraged, SEBI clarified that their use is not compulsory. However, entities must actively assess cybersecurity risks arising from third-party vendors in coordination with their IT Committees. 

    SEBI also stressed the importance of protecting cyber audit reports. “While receiving and handling cyber audit reports submitted by their members, stock exchanges and depositories shall ensure that adequate safeguards are in place to maintain the confidentiality and integrity of such reports,” the regulator said. 

    For disaster recovery, regulated entities must be able to resume critical operations within two hours (Recovery Time Objective – RTO) and ensure data recovery within 15 minutes (Recovery Point Objective – RPO). Entities must also plan for contingencies in cases where these benchmarks cannot be achieved. 

    Revised CSCRF Categorization for Portfolio Managers and Merchant Bankers

    SEBI has revised the classification thresholds for regulated entities under the CSCRF. Portfolio Managers with Assets Under Management (AUM) of ₹10,000 crore and above will now be categorized as Qualified REs.  

    Those managing between ₹3,000 crore and ₹10,000 crore will be tagged as Mid-size REs, while those below ₹3,000 crores fall into the small-size RE category. Portfolio Managers under the minimum threshold may be recognized as Self-certification REs, benefiting from simpler compliance requirements. 

    In the case of Merchant Bankers (MBs), SEBI clarified that all active MBs—defined as those carrying out merchant banking functions during the relevant period—will be treated as Small-size REs for compliance purposes. Inactive MBs, however, will be exempt from CSCRF obligations. 

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleAbandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
    Next Article Can Your Security Stack See ChatGPT? Why Network Visibility Matters

    Related Posts

    Development

    Using phpinfo() to Debug Common and Not-so-Common PHP Errors and Warnings

    September 28, 2025
    Development

    Mastering PHP File Uploads: A Guide to php.ini Settings and Code Examples

    September 28, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Firefox 138 Released With Fix for Multiple High-Severity Vulnerabilities

    Security

    Top Vertiv Server Rack Supplier in India | Certified Dealer

    Web Development

    DeepMind’s latest research at ICLR 2023

    Artificial Intelligence

    Attacks on the education sector are surging: How can cyber-defenders respond?

    Development

    Highlights

    Tech & Work

    Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

    July 3, 2025

    10 Reasons To Build a Full-stack Python Development Company Page Updated On GET A FREE…

    Cyber Insurers Might Not Pay if Vulnerabilities Unpatched

    August 26, 2025

    New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

    May 27, 2025

    Simplify access control and auditing for Amazon SageMaker Studio using trusted identity propagation

    August 19, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.