Section 4(3) in The Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018
(3)(a)The Chief Information Security Officer (CISO) shall establish a process, in consultation with the National Critical Information Infrastructure Protection Centre (NCIIPC), for sharing of logs of "Protected System" with National Critical Information Infrastructure Protection Centre (NCIIPC) to help detect anomalies and generate threat intelligence on real time basis.(b)The Chief Information Security Officer shall also establish a process of sharing documented records of Cyber Security Operation Center (related to unauthorised access, unusual and malicious activity) of "Protected System" with National Critical Information Infrastructure Protection Centre(NCIIPC) to facilitate issue of guidelines, advisories and vulnerability, audit notes etc. relating to "Protected System".
