Meet the RBI Cybersecurity Requirements

Axidian solutions help organizations in India comply with the RBI cybersecurity requirements.

RBI cybersecurity requirements

For decades, the Reserve Bank of India has published thousands of regulations, instructions and rules — usually in the form of Circulars or Acts. Since 2016, RBI has been consolidating its circulars into Master Directions.

The primary regulatory framework for IT and cybersecurity obligations is the Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices, which came into effect on November 7, 2023. As this Master Direction came into effect, the previous circulars on the same topic were repealed.

The Master Direction consists of 7 chapters and 32 paragraphs, covering:

  • IT Governance
  • IT Infrastructure & Services Management
  • IT & Information security risk management
  • Business continuity and disaster recovery management
  • Information systems audit

These cybersecurity controls are linked to related national and international law and regulatory requirements.

Who must comply

  • Scheduled Commercial Banks, except Regional Rural Banks (RRBs) and Local Area Banks (LABs)
  • Small Finance Banks
  • Payments Banks
  • Non-Banking Financial Companies (NBFCs), except NBFC-Core Investment Companies
  • Credit Information Companies (CICs)
  • All India Financial Institutions (EXIM Bank, NABARD, NaBFID, NHB and SIDBI)

Foreign banks operate in India on a ‘comply or explain’ approach.

Why it is important

In case of non-compliance, an organization may face increased cybersecurity risks, control gaps, and reputational damage.

In some cases, the RBI may appoint a supervisor, advisor, or consultant to remediate compliance gaps, at the cost of the regulated entity.

There are also potential penalties for non-compliance, such as:

  • Monetary penalties
  • Restrictions on business operations
  • Suspension or revocation of license

RBI Cybersecurity Compliance with Axidian Solutions

According to RBI cybersecurity requirements for access control (paragraph 19) and controls on teleworking (paragraph 20), it is mandatory that organizations implement Privileged Access Management and multi-factor authentication to secure their digital identities and access. Learn how Axidian Privilege (PAM) and Axidian Access (IAM with MFA) align with the RBI controls.

With Axidian Privilege and Axidian Access

  • Control privileged activities, record sessions (including video, screenshots, text logs)
  • Apply granular access settings to users based on user location, responsibilities and permissions

With Axidian Privilege

  • Control privileged activities, record sessions (video, screenshots, text logs)
  • Enforce the Least Privilege principle
  • Keep passwords and credentials hidden from users
  • Two-factor authentication for privileged sessions is built into Axidian Privilege; no additional licenses are needed

With Axidian Access

  • Implement Multi-Factor Authentication (MFA) for local and remote logins
  • Specify the authentication technologies required for access to each information system: biometrics, one-time passwords, out-of-band authentication (push notification in a mobile app), smart cards or USB tokens.

Additional coverage

Besides the controls above that require identity security solutions, Axidian can help you achieve wider coverage and enhance compliance with more RBI cybersecurity requirements related to risk control, third-party access, incident prevention, cryptographic controls, and more.

For more detail, download our RBI cybersecurity compliance guide which includes the Axidian solution mapping to RBI controls.


Book a Demo

Experience why organizations trust Axidian to strengthen their security and comply with the RBI controls on cybersecurity.

Click the button below, leave your contact information, and our team will reach out to you promptly to arrange a personal product demo based on your security and compliance needs.
