The Market Infrastructure Institutions (MIIs), including Stock Exchanges, Clearing Corporations, and Depositories, are crucial entities in the securities market, providing essential infrastructure for its smooth operation. To manage operational risks, these MIIs must establish robust cybersecurity frameworks to ensure the security and resilience of their systems and data.
The guidelines cover various aspects of cybersecurity and best practices that MIIs are required to implement. These practices include maintaining offline, encrypted backups of data, regularly updating "gold images" of critical systems, and exploring the possibility of retaining spare hardware for system recovery. MIIs should also conduct regular business continuity drills and vulnerability scanning, as well as implement user awareness and training programs.
Furthermore, MIIs are advised to implement email filters, keep antivirus and anti-malware software up to date, employ application directory whitelisting, and use Multi-Factor Authentication (MFA) for all services. They should also follow the principle of least privilege and put in place a configuration management database approach.
Specific measures for securing domain controllers, reviewing delegated access and unused tokens, and retaining and securing logs are highlighted. Network devices should be configured with a whitelist approach, and network segregation should be established. Secure usage of Remote Desktop Protocol (RDP) and Application Programming Interfaces (APIs) is emphasized.
Additionally, MIIs should implement Domain Name System (DNS) filtering services, restrict management of critical servers and applications, and manage Indicators of Compromise (IOCs) and alerts from government agencies effectively. They are required to devise standard operating procedures for implementing advisories and conduct regular tests of their response and recovery plans.
To ensure high availability in case of a disaster, MIIs should explore dissimilar application architecture. Lastly, engaging Dark Web, monitoring services to detect brand abuse, data leaks, and credential exposure is recommended.
These guidelines aim to strengthen the cybersecurity posture and resilience of MIIs in the Indian securities market, recognizing the interconnected nature of their operations and the critical role they play in maintaining market integrity and investor confidence. MIIs are expected to comply with these guidelines and continuously enhance their cybersecurity measures to safeguard the securities market from cyber threats.