On 18th May 2022, the Indian Computer Emergency Response Team (CERT-In) released FAQs to address queries on Cyber Security Directions of 28.04.2022.
The FAQs, consist of 44 questions that endeavour to clarify queries on the Cyber Security Directions to fast track operationalisation of these directions in the country.
The FAQ consists of the following three primary sections:
- Section I: Basic Terminology and Scope of the Directions.
- Section II: Directions under subsection (6) of section 70B of the IT Act, 2000.
- Annexure-I: Explanation for Types of Cyber Security Incidents to be Reported to CERT-In.
Section I: comprises the basic terminology and scope of the directions. For instance, the objective for issuing the Cyber Security Directions, the scope and applicability of the direction, the functions of CERT-In in the area of cyber security, the method of reporting and format for incident reporting, etc.
Section II comprises the nuances and explanations of the Cyber Security Directions, namely, areas the Cyber Security Directions cover, the benefit of the directions to the users in the country, the effect of the direction on the Right to Privacy of individuals, the time frame for reporting and information to be shared while reporting incidents, various applicability aspects of these Cyber Security Directions; and clarifications related to logging requirements, time synchronisation, and maintenance of specific information by entities, etc.
Annexure-I of the FAQs consists of an illustrative list of explanations of the types of incidents required to be reported to CERT-In.