SEBI CSCRF Compliance · Services Overview · As of May 2026

SEBI CSCRF Compliance Services

Security Brigade's complete CSCRF compliance offering — from gap assessment to audit-grade reporting. Every tier. Every mandate. CERT-In empanelled since 2008.

CERT-In Empanelled since 2008 · 6,700+ Engagements · 370+ BFSI · All 5 Tiers

CSCRF Compliance Services

CSCRF Gap Assessment

Comprehensive mapping of your current cyber posture against your tier's obligations across all 5 NIST CSF pillars. Classification verification (two-parameter rule, manager-level corpus, multi-category rule). Prioritised remediation plan with costed effort estimates. Delivered: gap report + IT Committee presentation.

VAPT (Vulnerability Assessment & Penetration Testing)

CERT-In empanelled VAPT at your tier's cadence. B-52 AI-powered testing platform. Covers: network, web application, mobile application, API, cloud infrastructure, and critical systems. AI-augmented attacker simulation per May 2026 AI Advisory. Summary-only submission per Aug 2025.

Cyber Audit

CERT-In empanelled cyber audit — distinct from VAPT. Covers: policy review, control evidence validation, compliance gap analysis, CSCRF control-catalogue mapping. Half-yearly for MII + QRE; annual for others (half-yearly if IBT/Algo). Audit-grade report with SEBI submission-ready summary.

Red Teaming

Half-yearly for MII + QRE. Full-scope adversarial campaign simulation: multi-stage, multi-vector, with a defined objective. Attack-narrative report. Complemented by ShadowMap CART for continuous automated testing between engagements.

Threat Hunting

Quarterly for MII + QRE. Hypothesis-driven hunt across your SOC telemetry. IOC-based and TTP-based hunting. MITRE ATT&CK-aligned. Hunt report + detection-gap recommendations.

M-SOC Onboarding Advisory

End-to-end Market SOC onboarding support. 4-week pre-onboarding sequence. Log-source inventory (12 categories). SIEM integration planning. SOAR playbook design and testing. Mandatory for Small-size + Self-cert; expedited per AI Advisory item 6c.

ISO 27001 Advisory

ISO/IEC 27001:2022 implementation and certification advisory. Mandatory for MIIs; recommended for QREs. Annex-A control mapping to CSCRF. ISMS policy framework. Internal audit preparation. Certification-body liaison.

CCI (Cyber Capability Index) Assessment

Structured CCI assessment per CSCRF Annexure-K. Half-yearly third-party assessment for MIIs. Annual self-assessment support for QREs. NIST CSF 2.0 maturity scoring. Year-over-year trend analysis for IT Committee reporting.

IT Committee + Board Evidence Packs

Compiled quarterly evidence packs for IT Committee meetings (mandatory for MII, QRE, Mid-size). CSCRF compliance status report. Audit-finding tracker. Risk-register updates. AI Advisory item 10 (long-term AI plan) submission package.

AI Advisory Readiness

Complete Annexure-A readiness: AI-augmented VAPT, AI-system-defender testing, COTS vendor risk letters, API inventory + authN/Z audit, SOAR/SIEM integration, SBOM generation, AI-threat risk scenarios, and IT Committee AI plan submission. 90-day readiness roadmap.

Engagement approach

1. Scoping

Tier classification via wizard. Obligation mapping. Engagement scope defined against your tier's cadences. 30-min scoping call.

2. Assessment

Gap assessment or audit execution per scope. B-52 powered testing. Control-evidence collection.

3. Reporting

Audit-grade report. SEBI submission-ready summary. IT Committee presentation. Remediation roadmap.

4. Continuous

ShadowMap continuous monitoring between audit cycles. CART automated red teaming. Quarterly check-ins with IT Committee.

Ready to scope your CSCRF compliance?

Use the free wizard to classify your tier in 2 minutes, then talk to a CERT-In empanelled expert about scoping your engagement.

Security Brigade InfoSec Pvt. Ltd. · CERT-In Empanelled since 2008 · 6,700+ engagements · 370+ BFSI · Mumbai · London · New York · Singapore

www.securitybrigade.com · +91 22 4164 2220 · CSCRF current as of 2026-05-06.