1. The core expectations
- Board-approved cyber security policy and a CISO.
- Baseline controls and a Security Operations Centre.
- A Cyber Crisis Management Plan and RBI incident reporting.
- Periodic VAPT.
2. The recurring gaps
- Unpatched internet-facing systems.
- Privileged access without review.
- Logs collected but never monitored.
- Untested incident-response arrangements.
3. Graded for co-operative banks
Requirements scale with a bank’s digital footprint under RBI’s graded framework.
How CyberSigma helps
CERT-In empanelled, we run the RBI gap assessment, VAPT and SOC review, and help operationalise your CCMP and reporting.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
