How InstaSafe can help Regulated Entities (REs) to stay compliant with SEBI CSCRF guidelines

Sl. No

Guidelines

How can InstaSafe help?

1

Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes.

InstaSafe can ensure complete identities and credential management from creation, storage, deletion with complete audit trail of users and devices

2

Network integrity is protected (through measures such as network segregation, network segmentation, etc.).

InstaSafe follows network segmentation and instasafe gateway protects and maintain the segregation securely

3

While granting access permissions and authorizations to resources (both on premise and cloud) of the organization, Principle of Least Privilege shall be followed along with segregation of duties

InstaSafe offers least privilege access by default and subsequent access is provided based on role subject to approval

4

REs shall follow Zero Trust Model to allow individuals, devices, and resources to access organization’s resources.

InstaSafe offers completes Zero Trust Access platform which combines User, device, applications parameters to provide access on a Need to Know basis

5

Access rights shall be reviewed and documented on a periodic basis. Maker-Checker framework shall be implemented for granting, revoking, and modifying user rights in applications, databases, etc.

InstaSafe offers complete audit log reports which can be used for Maker-Checker framework implementation

6

A comprehensive authentication policy shall be documented and implemented. Identities shall be proofed and bound to credentials and asserted in interactions. Users, devices, and other assets are authenticated (single-factor or multifactor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks).

InstaSafe has inbuilt MFA and device binding capabilities which ensure authentication happens taking into consideration of user and device credentials

7

All critical systems shall have MFA implemented for all users accessing from untrusted network to trusted network.

InstaSafe has inbuilt MFA (Authenticator App) which supports various authentication methods like OTP, T-OTP, Biometrics and Hardware token

8

A comprehensive log management policy shall be documented and implemented.

InstaSafe offers complete audit trail and log reports

9

User logs shall be uniquely identified and stored for a specified period.

InstaSafe stores user logs for a time period specified by organization

10

Privileged users’ activities shall be reviewed periodically. Access restriction shall be there for employees as well as third-party service providers. If it is required to grant access, it shall be for the limited time-period, on need-to-know basis and shall be subject to stringent supervision and monitoring.

Privileged user can be monitored and Need to know basis access can be provided for specific time period

11

Remote access to assets shall be strictly tracked and administered.

Remote access to assets can clearly be monitored through the platform

12

A comprehensive data-disposal and data-retention policy shall be documented and implemented.

InstaSafe has clear guidelines of data disposal and data retention policy for customers