Union of India - Section

Section 4 in The Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

4. Roles and Responsibilities of "Protected System(s)" towards National Critical Information Infrastructure Protection Centre.

(1) The Chief Information Security Officer (CISO) shall maintain regular contact with the National Critical Information Infrastructure Protection Centre (NCIIPC) and will be responsible for implementing the security measures suggested by the said National Critical Information Infrastructure Protection Centre (NCIIPC) using all available or appropriate ways of communication.
(2) The Chief Information Security Officer (CISO) shall share the following, whenever there is any change, or as required by the National Critical Information Infrastructure Protection Centre (NCIIPC), and incorporate the inputs/feedbacks suggested by the said National Critical Information Infrastructure Protection Centre (NCIIPC):-
(a) Details of Critical Information Infrastructure (CII) declared as "Protected System", including dependencies on and of the said Critical Information Infrastructure.
(b) Details of Information Security Steering Committee (ISSC) of "Protected System".
(c) Information Security Management System (ISMS) of "Protected System".
(d) Network Architecture of "Protected System".
(e) Authorised personnel having access to "Protected System".
(f) Inventory of Hardware and Software related to "Protected System".
(g) Details of Vulnerability/Threat/Risk (V/T/R) Analysis for the cyber security architecture of "Protected System".
(h) Cyber Crisis Management Plan (CCMP).
(i) Information Security Audit Reports and post Audit Compliance Reports of "Protected System".
(j) IT Security Service Level Agreements (SLAs) of "Protected System".
(3)
(a) The Chief Information Security Officer (CISO) shall establish a process, in consultation with the National Critical Information Infrastructure Protection Centre (NCIIPC), for sharing of logs of "Protected System" with National Critical Information Infrastructure Protection Centre (NCIIPC) to help detect anomalies and generate threat intelligence on real time basis.
(b) The Chief Information Security Officer shall also establish a process of sharing documented records of Cyber Security Operation Center (related to unauthorised access, unusual and malicious activity) of "Protected System" with National Critical Information Infrastructure Protection Centre (NCIIPC) to facilitate issue of guidelines, advisories and vulnerability, audit notes etc. relating to "Protected System".
(4)
(a) The Chief Information Security Officer (CISO) shall establish a process in consultation with National Critical Information Infrastructure Protection Centre (NCIIPC), for timely communication of cyber incident(s) on "Protected System" to the said National Critical Information Infrastructure Protection Centre (NCIIPC).
(b) In addition, National Critical Information Infrastructure Protection Centre's latest Standard Operating Procedure (SOP) on Incident Response shall be strictly followed in case of cyber incident(s) on "Protected System".