Understanding CERT-In incident reporting directions and how Halbarad helps

CERT-In incident reporting directions require covered organizations to report specified cyber incidents and preserve certain information. The key operating challenge is speed: incident teams need facts from systems and service providers quickly enough to assess and report.

2 official sources used

Official sources

What the directions are trying to do

CERT-In needs timely visibility into cyber incidents so it can coordinate response and improve cyber security. Covered organizations need incident workflows that capture what happened, affected systems, logs, provider involvement, remediation, and reporting evidence.

What teams need to do

  • Identify covered incident categories and reporting triggers.
  • Maintain incident escalation and evidence workflows.
  • Map service providers, intermediaries, cloud providers, data centers, and managed services that may hold needed logs or facts.

  • Preserve logs and incident records as required.

Evidence to maintain

  • Incident response plan and CERT-In reporting playbook.
  • System, provider, log, and contact maps.
  • Incident reports, timestamps, technical evidence, communications, and remediation.
  • Provider support and audit trail.

Common gaps

  • Provider contracts do not require fast enough incident support.
  • Logs are not mapped to systems and providers.
  • Incident records do not capture reporting rationale.

How Halbarad helps

Halbarad helps teams map providers to systems, contacts, logs, incidents, evidence, remediation, and reporting trail.

Disclaimer

This guide is for general information only and is not legal advice. Review the official regulation, guidance, and supervisory materials, and consult qualified counsel or compliance advisors for your organization's specific obligations.