India Compliance
Meet India's Cybersecurity Compliance Requirements
Hands-on SOC training with evidence-based scoring — mapped to SEBI CSCRF, RBI, and CERT-In frameworks. Train your team. Prove it to auditors.
Regulatory Landscape
Three Frameworks. One Platform.
India's cybersecurity regulations now mandate SOC capability, trained staff, and documented evidence. CymBytes maps directly to these requirements.
Stock exchanges, brokers, mutual funds, and AMCs must establish SOC capability, conduct annual drills, and document training under CSCRF (Circular Aug 2024).
All scheduled commercial banks and upper-layer NBFCs must maintain a C-SOC with trained staff, conduct semi-annual IR drills, and report incidents within 2–6 hours.
All organizations must report cybersecurity incidents to CERT-In within 6 hours. This requires trained analysts who can detect, classify, and escalate rapidly.
Compliance Mapping
How CymBytes Maps to Requirements
Every lab session produces evidence that supports your compliance posture. Here's how our platform capabilities align to specific regulatory controls.
SOC Functional Efficacy (CSCRF Annexure N)
MTTD, MTTI, MTTC, and MTTR scoring provides objective SOC performance metrics — the exact data needed for Annexure N functional efficacy assessments required for all SEBI entity categories.
6-Hour Detection Readiness (CERT-In)
MTTD scoring measures exactly how fast your analysts detect threats. Training on timed scenarios builds the rapid detection capability needed to identify and report incidents within the 6-hour window.
Incident Response Drills (RBI Annex 1 Sec 5)
Each scored lab session serves as a documented IR drill — with timed scenarios, containment actions, and recovery steps tracked. Meets the RBI requirement for semi-annual incident response testing.
Training Documentation (CSCRF PR.AT)
Every session produces timestamped completion records with skill scores, MITRE ATT&CK coverage, and performance trends — auditable training evidence for quarterly, semi-annual, or annual compliance.
Audit Evidence
Evidence Your Auditor Needs
Move beyond completion certificates. CymBytes produces objective, measurable evidence of cybersecurity capability.
IR Performance Metrics
MTTD, MTTI, MTTC, and MTTR measurements per analyst and per team — tracked over time with improvement trends. Proves your SOC team is getting faster at detection and response.
MITRE ATT&CK Coverage
Technique-level coverage map showing which ATT&CK techniques your team has practiced. Demonstrates breadth of training across the threat landscape.
Per-Analyst Training Records
Timestamped session records with individual scores, skill breakdowns, and completion status. Who trained, when, on what, and how they performed.
Skill Progression Over Time
Longitudinal tracking showing improvement in detection speed, investigation thoroughness, and containment effectiveness. Evidence that training investment produces measurable results.
Who This Applies To
Entity Coverage
CymBytes supports compliance training for all SEBI entity categories, RBI-regulated institutions, and organizations subject to CERT-In directives.
MIIs
Stock Exchanges, Depositories, Clearing Corps
Qualified REs
Large Brokers, Large AMCs
Mid-size REs
Medium Portfolio Managers, AIFs
Scheduled Commercial Banks
All categories under RBI mandate
Upper-Layer NBFCs
RBI C-SOC requirement
Insurance Companies
IRDAI-regulated entities
Payment System Operators
RBI-authorized PSOs
All Organizations
Subject to CERT-In directives
Prove your team's readiness to regulators.
Hands-on SOC training with evidence-based scoring — mapped to SEBI CSCRF, RBI, and CERT-In. Start a pilot with your security team.