The existence of an effective and appropriate supervision mechanism superimposed on minimum, common, and harmonised baselines, requirements, and measurement guidelines among the stakeholders is a pre-requisite for ensuring effective cyber security. While effective execution of this mechanism involves as a prerequisite extensive capability and capacity building amongst the stakeholders, there are some aspects that may be addressed based on common experiences and established best practices. This document is also not intended to discourage organizations from a risk management-based approach in
favour of compliance-based approach.
Due to the relative heterogeneity of the various Information Technology sectors and technology dependent sectors, finding a minimum, common, and harmonised baselines is one of the primary and essential aspects. In this direction, based on inputs from various stakeholders in CERT-In, Ministry of Home Affairs, National Informatics Centre, National Critical Information Infrastructure Protection Centre and Defence Cyber Agency various category of baseline cyber security controls and the applicability of these markers has been identified and incorporated into this document. Based on the above, this document is being released to act as minimum-security assurance baseline expected across the cyber
information infrastructure.
Views: 12
