All framework guides
Help Center · Framework guide
CERT-In Cyber Security Directions
CERT-In · Government · India · v2022
CERT-InIndiaIncident ReportingGovernment
Overview
CERT-In directions require Indian organizations to follow incident reporting, log retention, time sync, and ICT security practices.
12 controls available in ComplAI for this framework.
Who it's for
- Service providers and intermediaries in India
- Body corporates under CERT-In directions
- Security operations teams handling incident reporting
Why it matters
Directions are enforceable expectations for ICT security in India. ComplAI helps track reporting readiness, logging, and control evidence.
Incident reporting timelinesLog retention and NTP syncPoint of contact registrationICT security controls
How ComplAI helps
- Activate CERT-In in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- incident response
Dir. 1
Incident reporting to CERT-In
- governance
Dir. 2
Designated Point of Contact
- audit logging
Dir. 3
Log retention 180 days
- network security
Dir. 4
NTP synchronization
- data protection
Dir. 5
Subscriber KYC for service providers
- governance
Dir. 6
ICT system information on request
Getting started
- Open Framework Library and activate CERT-In
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
