RBI – Cyber Security Framework for Urban Cooperative Banks

The Reserve Bank of India (RBI) has released a Cyber Security Framework for Urban Cooperative Banks (UCBs) to help them protect their information systems and data from cyber threats.

RNR, as a CERT-In Empanelled Security Auditor, is licensed to assist you in understanding, managing, and complying with the RBI Guidelines & Circulars that are issued on a regular basis. The RBI published a new Cyber Security Framework for Urban Cooperative Banks (UCBs) on October 19, 2018. These guidelines were subsequently updated on December 31, 2019.

To gain a deeper understanding of the framework and how RNR can support you in meeting the RBI’s mandates, you can download our Whitepaper. The following is an overview of some of the key concepts and requirements of the new Urban Cooperative Banks (UCBs) Cyber Security Framework:

Fundamental Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

Level I Requirements

  • Baseline Cyber Security and Resilience Requirement
  • Vendor/Outsourcing Risk Management

Level II Requirements

  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • Change Management
  • Periodic Testing
  • User Access Control / Management
  • Authentication Framework for Customers
  • Anti-Phishing
  • Data Leak Prevention Strategy
  • Audit Logs
  • Incident Response and Management

Level III Requirements

  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • User Access Control
  • Advanced Real-time Threat Defence and Management
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Incident Response and Management
  • User / Employee / Management Awareness
  • Risk-Based Transaction Monitoring

Level IV Requirements

  • Arrangement for continuous surveillance – Setting up of Cyber Security Operation Centre (C-SOC)
  • Participation in Cyber Drills
  • Incident Response and Management
  • Forensics and Metrics
  • IT Strategy and Policy
  • IT and IS Governance Framework
  • IT Strategy Committee
  • IT Steering Committee
  • Chief Information Security Officer (CISO)
  • Information Security Committee
  • Audit Committee of Board (ACB)

What we do

RNR’s framework specifies the remedial actions that UCBs must take to address any gaps in their cyber security posture. These remedial actions may include:

  • Implementing additional security controls
  • Conducting additional training for employees
  • Updating security policies and procedures
  • Submitting a report to the RBI on the remedial actions taken

UCBs that fail to comply with the framework may be subject to penalties by the RBI. But do not worry, RNR has you covered. Contact RNR to discover more about the Cyber Security Framework and how we can assist you with meeting RBI standards.

Overall, the Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) has four levels of requirements, and RNR is here to assist you with each level. Get in touch with us to learn more about these four levels.

What is Application Security?

Effective Security Testing Safeguards your Applications from Cyber Threats & Vulnerabilities

RNR Application Security Testing is designed to help you identify vulnerabilities in your applications, ensuring comprehensive coverage for both web and mobile infrastructure as well as online services. By doing so, it helps minimize risks and enables you to meet regulatory compliance requirements. Our approach to application security goes beyond simply scanning for software flaws. Instead, we focus on pinpointing and prioritizing the most vulnerable areas of your online application, providing practical solutions to address them effectively.
