SEBI CSCRF
Comply with SEBI's CSCRF, the unified cyber-resilience standard for regulated entities.
RE-Category Gap
Mapped to your regulated-entity category
VAPT & Cyber Audit
Half-yearly VAPT and periodic cyber audit
SEBI-Format Submission
Report prepared for SEBI filing
CERT-In Auditors
A CERT-In-aligned audit team
What it is
SEBI's Cybersecurity and Cyber Resilience Framework is a unified, mandatory cyber-resilience standard for SEBI-regulated entities built on five goals: Anticipate, Withstand, Contain, Recover and Evolve. It mandates VAPT, periodic cyber audits, SBOM for critical apps and graded controls scaled to entity size.
Who must comply
All SEBI Regulated Entities graded into Market Infrastructure Institutions, Qualified REs, Mid-size, Small and Self-certification: stock brokers, depository participants, AMCs, RTAs, KRAs, investment advisers and more.
How IntelligenceX helps
Frequently Asked Questions
For MIIs, KRAs and QRTAs the early-2025 timeline applied; for most other REs the deadline was extended to 31 August 2025. If you are not yet compliant you are past deadline and remediation is urgent.
A Software Bill of Materials lists every component in your critical apps. CSCRF mandates SBOM for critical applications, India's first sectoral SBOM rule, to manage supply-chain risk.
CSCRF grades REs into categories from Market Infrastructure Institutions down to Self-certification, and the controls, audit frequency and VAPT cadence scale accordingly. We first confirm your category, then apply only the controls that genuinely apply to you.