Section 4(2) in The Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018
(2)The Chief Information Security Officer (CISO) shall share the following, whenever there is any change, or as required by the National Critical Information Infrastructure Protection Centre (NCIIPC), and incorporate the inputs/feedbacks suggested by the said National Critical Information Infrastructure Protection Centre (NCIIPC):-(a)Details of Critical Information Infrastructure (CII)declared as "Protected System", including dependencies on and of the said Critical Information Infrastructure.(b)Details of Information Security Steering Committee (ISSC) of "Protected System".(c)Information Security Management System (ISMS) of "Protected System".(d)Network Architecture of "Protected System".(e)Authorised personnel having access to "Protected System".(f)Inventory of Hardware and Software related to "Protected System".(g)Details of Vulnerability/Threat/Risk (V/T/R) Analysis for the cyber security architecture of "Protected System".(h)Cyber Crisis Management Plan(CCMP).(i)Information Security Audit Reports and post Audit Compliance Reports of "Protected System".(j)IT Security Service Level Agreements (SLAs) of "Protected System".
