CERT-In · IT Act · MeitY · 2022 Directions

The 6-hour clock doesn't care about your spreadsheets.

Indian regulators expect documented incident reporting, 180-day log retention, and KYC-grade audit trails. Run all three from one platform — with the evidence ready before submission opens.

6-hour reporting window

The CERT-In runbook, instrumented

Each step has owner, SLA, and evidence. Submission is generated from operational data, not reconstructed from email.

  1. T+0 · Detect & classify event severity
  2. T+30m · Engage on-call, capture initial telemetry
  3. T+2h · Decision: reportable to CERT-In?
  4. T+4h · Draft submission per Annex II format
  5. T+6h · File via cyberswachhtakendra.gov.in

Annex II · Reportable categories

Six classes that trigger the timer

Detection rules pre-mapped. When a match fires, the workflow opens automatically with classification suggestions.

  1. Targeted scanning / probing of critical networks · Direction iv(a)
  2. Compromise of critical systems / information · Direction iv(b)
  3. Unauthorized access to ICT infrastructure · Direction iv(c)
  4. Defacement of website / intrusion into website · Direction iv(d)
  5. Malicious code attacks (ransomware, etc.) · Direction iv(e)
  6. Distributed Denial of Service attacks · Direction iv(f)

Log retention · 180 days minimum

Validated coverage, not just policy

Direction (v) requires 180-day rolling logs across multiple sources — and the ability to produce them on demand.

| Source | Retention | Required content | Status |
| --- | --- | --- | --- |
| Servers / hosts | 180 days | Auth, sudo, system events, kernel log | Verified |
| Firewalls / NIDS | 180 days | Allow/deny, threat verdicts, sessions | Verified |
| Authentication systems | 180 days | Logins, MFA, failed attempts, role changes | Verified |
| VPN / remote access | 180 days | Connect/disconnect, address mapping | Verified |
| Application logs | 180 days | User actions on regulated systems | Verified |

Verification is performed daily — integrations flag any source where retention drops below the 180-day floor.

When the timer starts, the package is ready

Run incident reporting, log retention, and audit trail evidence from one platform built for Indian regulators.