Under Section 70B of the IT Act 2000, CERT-In issued binding directions in April 2022. Every Indian organisation with ICT infrastructure must comply — right now. 9,700 audits were conducted in 2024–25 alone.
The Indian Computer Emergency Response Team (CERT-In) issued binding Directions on April 28, 2022 under Section 70B of the Information Technology Act 2000. These directions are not guidelines — they are mandatory legal obligations with real penalties.
The directions cover 20 specific requirements: from how quickly you must report a cyberattack (6 hours) to what logs you must keep (180 days minimum) to what security controls must be in place on every networked computer.
CERT-In operates under the Ministry of Electronics and Information Technology (MeitY) and has been actively auditing organisations since the directions came into force.
Legal Basis
Section 70B, IT Act 2000
Directions issued under sub-section (6). Non-compliance actionable under sub-section (7).
Issuing Authority
CERT-In, under MeitY
Active, staffed, empowered. Not a proposed body — fully operational.
Effective Date
April 28, 2022
In force for 3+ years. Enforcement has been active since September 2022.
Enforcement Activity
9,700 audits in 2024–25
Source: CERT-In Annual Report 2024–25. Up significantly year-over-year.
There is no size threshold, no revenue threshold, no employee count threshold. If you have ICT infrastructure in India, you are covered.
Government Schools
Any school with a computer lab, Wi-Fi, or networked devices
Private Schools & Colleges
Any educational institution with ICT infrastructure
MSMEs & Small Businesses
Any business with computers, servers, or cloud services
Government Offices & Departments
All central and state government ICT systems
Hospitals & Clinics
Any healthcare facility with networked computers
NGOs & Trusts
Any non-profit organisation operating ICT infrastructure
If your organisation has a computer connected to the internet, CERT-In applies to you.
₹1Cr
Per Incident
Maximum financial penalty under Section 70B(7) of IT Act 2000
1 Year
Imprisonment
Criminal liability for failure to comply with CERT-In directions
6 Hrs
Reporting Window
Mandatory incident reporting to CERT-In from the moment of detection
CognoShift automates 17 of these. Two require a CERT-In empanelled auditor. One doesn't apply to most organisations.
6-Hour Incident Reporting
✓ CognoShift Automates
Any cybersecurity incident must be reported to CERT-In within 6 hours of detection. CognoShift starts the countdown automatically and pre-fills the required report.
Designated Point of Contact (PoC)
✓ CognoShift Automates
A 24x7 point of contact must be registered with CERT-In. Name, email, and phone number of primary and backup contacts. CognoShift stores and manages PoC details.
180-Day Log Retention
✓ CognoShift Automates
All ICT activity logs must be retained for a minimum of 180 days and produced on demand during a CERT-In audit. CognoShift enforces this automatically via database policy.
NTP Synchronisation
✓ CognoShift Automates
All systems must synchronise time with the Indian NTP server (stratum-1.nic.in or equivalent). CognoShift monitors NTP sync status and drift per endpoint continuously.
KYC of Subscribers (ISPs/VPNs/DCs)
N/A — ISPs/VPNs Only
Internet Service Providers, VPN providers, and Data Centre operators must maintain subscriber KYC records. This directive does not apply to schools, MSMEs, or government offices.
ICT Infrastructure Inventory
✓ CognoShift Automates
A complete inventory of ICT assets — hardware, software, network components — must be maintained and available for CERT-In review. Sentinel auto-generates hardware inventory continuously.
6-Monthly Security Audit
Empanelled Auditor Required
A formal information security audit by a CERT-In empanelled auditor must be conducted every 6 months. CognoShift is not an empanelled auditor — customers must engage one separately. CognoShift prepares all evidence.
6-Monthly VAPT
Empanelled Auditor Required
Vulnerability Assessment and Penetration Testing by a CERT-In empanelled firm must be conducted every 6 months. CognoShift tracks VAPT completion dates and surfaces gaps in the dashboard.
Annual BCP Test
✓ CognoShift Automates
A Business Continuity Plan must exist and be tested annually. CognoShift manages BCP acknowledgement, last-tested date, and next-due date with automated reminders.
Patch & Update Management
✓ CognoShift Automates
All software must be kept up to date. Pending Windows updates, missing security patches, and reboot-pending status are tracked per endpoint by Sentinel.
MFA on All Privileged Access
✓ CognoShift Automates
Multi-factor authentication must be enforced for all admin and privileged accounts. CognoShift monitors MFA status across enrolled endpoints and portal access.
Encryption at Rest and in Transit
✓ CognoShift Automates
All sensitive data must be encrypted at rest (AES-256) and in transit (TLS). CognoShift enforces AES-256-GCM on all endpoint data and TLS across all cloud connections.
Secure Configuration Baseline
✓ CognoShift Automates
Systems must be configured according to a security baseline (e.g., CIS Benchmarks). Sentinel monitors Windows hardening settings and surfaces deviations.
Access Control with Quarterly Review
✓ CognoShift Automates
Access to systems must follow the least-privilege principle and be reviewed quarterly. CognoShift maintains an access audit trail and surfaces review dates.
Incident Response Plan (IRP)
✓ CognoShift Automates
A documented and tested Incident Response Plan must exist. CognoShift auto-generates an IRP template from organisation data and tracks test/review dates.
Anti-Malware / EDR
✓ CognoShift Automates
Antivirus or EDR must be installed, active, and signatures kept current. Sentinel monitors AV product name, real-time protection status, and signature date per endpoint.
Email and Network Filtering
✓ CognoShift Automates
Email filtering (anti-spam, anti-phishing) and network filtering must be active. CognoShift manages self-attestation of email filtering status and provider details.
Third-Party / Supply Chain Risk Register
✓ CognoShift Automates
A register of all ICT vendors and service providers must be maintained with risk assessments. CognoShift provides a vendor register with DPA tracking.
Data Backup and Recovery
✓ CognoShift Automates
Regular data backups with defined RPO/RTO must be in place and tested. Sentinel monitors last backup timestamps; CognoShift manages backup status and recovery test dates.
Security Awareness Training
✓ CognoShift Automates
All staff with ICT access must receive periodic security awareness training. CognoShift manages training completion records, next-due dates, and automated reminders.
You focus on running your school or business. CognoShift handles the compliance — silently, automatically, continuously.
A lightweight Windows service (< 50MB RAM) deployed silently via Active Directory. Monitors NTP sync, AV status, patch compliance, disk encryption, and more — reporting to your CERT-In dashboard every 60 seconds.
Every directive has a live status card — COMPLIANT, PARTIAL, or NEEDS SETUP. See your overall CERT-In score. Know exactly what to fix before an audit.
When a breach is detected, CognoShift starts the 6-hour CERT-In reporting clock automatically. A pre-filled incident report is ready for your review. One click to submit.
Generate a full CERT-In compliance report in 30 seconds. Maps all 17 directives, shows evidence, includes an attestation block. Ready for your empanelled auditor to review.
For directives requiring policy acknowledgement (BCP testing, email filtering, security training), CognoShift provides simple forms. Complete once, tracked automatically.
For District Commissioners and NIC officers: a single dashboard showing CERT-In compliance across all enrolled schools and government offices in the district.
Deploy Sentinel across your organisation in 30 minutes. Your CERT-In dashboard is live immediately. No security team required. No consultant needed.
DPIIT Recognised Startup · Govt of Haryana Funded · India-hosted on Supabase Mumbai