SEBI’s Cybersecurity and Cyber Resilience Framework (CSCRF), effective August 2024, mandates specific Linux-layer controls for all regulated entities — stockbrokers, AMCs, depositories, portfolio managers, and research analysts. Annual cyber audits are compulsory. For Qualified Stock Brokers, VAPT is half-yearly.
Most gaps auditors find are at the Linux server layer: unpatched systems, weak access controls, missing audit trails, untested backups. These are infrastructure problems. AV Services fixes them.
What CSCRF Requires at the Linux Layer
| Control Area | CSCRF Standard | Key Requirement |
|---|---|---|
| Patch Management | PR.MA.S3 | High-severity patches within 1 week. Patch reports for auditor. |
| Access Control | PR.AC | Least privilege, named accounts, quarterly privileged access review. |
| Log Management | DE.AE | All logs collected, 1-year retention, integrity protected, audit-ready. |
| Incident Response | RS.RP / RS.AN | Documented plan, 24/7 response, RCA report within 48 hours. |
| Backup & Recovery | RC.RP | Automated backups, monthly restore test, RTO/RPO documented. |
| Security Hardening | PR.IP / PR.PT | CIS Benchmark applied, unnecessary services disabled, hardening report. |
How AV Services Covers These Controls
Every AV Services retainer client gets monthly patching with patch compliance reports, access control hardening, backup monitoring with restore testing, and 24/7 emergency response with RCA reports. The Business Critical tier adds CIS hardening reports and annual incident response drills — the documentation your auditor needs.
All in one monthly retainer. No separate vendor for each control area.
Free Downloads
SEBI CSCRF Linux Compliance Pack
Two PDFs: a 25-control checklist mapped to CSCRF references, and a gap assessment with remediation. Enter your name and email to download both.
Free 30-Minute Compliance Audit
We assess your Linux infrastructure against SEBI CSCRF requirements and identify your top 3 gaps — at no cost, no obligation. Book the audit here.