SEBI's 2024 Cybersecurity and Cyber Resilience Framework introduces explicit endpoint security obligations for every regulated entity in India's securities market. This guide maps each requirement to Zecurit Endpoint Manager capabilities, so compliance and IT teams can translate policy into day-to-day operational controls.
India's securities market processes millions of transactions every day. Behind every trade, settlement, and investor record sits a network of endpoints: workstations, servers, laptops, and mobile devices operated by brokers, fund managers, compliance teams, and back-office staff. Each one is a potential entry point for adversaries.
On 20 August 2024, SEBI issued Circular No. SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, the Cybersecurity and Cyber Resilience Framework (CSCRF), superseding all previous cybersecurity guidelines for regulated entities. For the first time, the framework explicitly names endpoint security solutions as a mandatory control.
This guide maps each relevant CSCRF requirement to specific capabilities in Zecurit Endpoint Manager, so compliance and IT teams at regulated entities can turn policy into operational practice.
The 2024 CSCRF applies to a significantly expanded set of organisations. Regulated entities (REs) now include:
CSCRF classifies REs into five tiers based on client base, trade volume, and assets under management. Obligations scale with tier, but endpoint security, patch management, and vulnerability assessments apply across all categories.
The CSCRF is structured around five function-based pillars drawn from NIST CSF. Understanding these pillars makes it easier to see where endpoint controls fit.
REs must maintain a current, board-approved inventory of all critical systems and assets. Without knowing what endpoints exist and what software runs on them, no other security control can be applied consistently.
The broadest pillar: encryption at rest and in transit, endpoint security solutions, device control, access management, patch and vulnerability management, configuration baselines, and secure software deployment.
Continuous monitoring, security alerting, and a Security Operations Centre are required depending on RE tier. REs must generate logs, detect anomalies, and feed events into incident management workflows in near real time.
A documented and regularly tested incident response plan must be in place. Endpoints must be remediable quickly: patch deployment, configuration enforcement, and remote isolation are practical necessities.
Disaster recovery and business continuity plans must include endpoint restoration. Compliance evidence such as logs, patch reports, and audit trails must be retained and producible for SEBI auditors on demand.
Each major endpoint-relevant CSCRF obligation is translated here into operational practice, with the Zecurit capabilities that address it.
CSCRF requires REs to identify and classify all critical systems and assets. This list must be board-approved, kept current, and form the foundation for all subsequent security controls.
Hardware Inventory automatically collects CPU, RAM, storage, peripheral, and system specification data from every enrolled device. Software Inventory discovers and tracks every installed application with version data in real time. Asset Discovery auto-onboards new devices the moment they join the network, and geo-location tracking provides physical accountability for distributed assets.
CSCRF mandates regular VAPT at defined intervals, alongside a formal patch management process covering OS patches, third-party application updates, and timely remediation of identified vulnerabilities, prioritised by severity.
Patch Management continuously scans all managed devices for missing patches, ranks them using CVSS scores and active exploit intelligence, and deploys approved patches automatically during configured maintenance windows. Vulnerability Management maps installed software against known CVEs, giving IT teams the prioritised remediation backlog that VAPT findings require.
CSCRF explicitly requires endpoint security solutions to be implemented with proper authentication and authorisation mechanisms. Antivirus and antimalware must be operational on all endpoints at all times.
Security Alerts in the Monitoring and Alerts module send instant notifications when antivirus or antimalware services stop running, when Windows Firewall is disabled, or when BitLocker protection is turned off on any device. Configuration Management allows firewall rules and security baselines to be deployed and enforced centrally across the entire fleet.
CSCRF requires encryption of sensitive data at rest across all endpoints. REs must demonstrate encryption status across their fleet and produce evidence for auditors.
BitLocker Management enforces drive encryption across every managed Windows endpoint from a central console. It supports TPM-only, TPM+PIN, and passphrase authentication modes, backs up recovery keys automatically, and generates BitLocker Compliance Reports showing encryption status, policy adherence, and unprotected device identification.
CSCRF requires controls to prevent unauthorised data exfiltration. USB removable storage, portable devices, and wireless interfaces must be governed by policy, with violations logged for audit purposes.
Device Control enforces allow, block, or trusted-only access policies for every peripheral category: removable storage, CD-ROM, Windows Portable Devices, Apple devices, wireless adapters, Bluetooth, modems, and more. Policies are enforced even when devices are offline, and every connection attempt and blocked event is logged with a timestamp and user account.
CSCRF requires REs to implement and maintain secure configuration baselines across all endpoints, enforced consistently regardless of device location or user. Configuration drift must be detectable and remediable.
Configuration Management allows IT teams to define named profiles bundling firewall rules, Windows Update policy, user and group settings, and custom scripts, then associate those profiles independently with device groups or individual endpoints. Hardware and software change alerts notify administrators the moment an endpoint deviates from its approved configuration.
CSCRF requires REs to control what software runs on their endpoints and to detect unauthorised installations. Prohibited or unlicensed software introduces both security risk and regulatory exposure.
Software Alerts notify IT teams instantly when prohibited software is installed on any managed device. Software Licence Management monitors entitlements against actual installations. Software Deployment ensures approved applications are pushed silently and consistently, replacing ad-hoc installations with a controlled, auditable process.
CSCRF requires least-privilege access controls, time-bound privileged access, and comprehensive audit logging of all access events. Local user accounts and administrator privileges must be managed and reviewed regularly.
Configuration Management includes User and Group Management, enabling IT teams to create, modify, and disable local user accounts remotely, enforce password policies, and audit all access changes from a central console. Remote Access sessions require session confirmation from the end user and are governed by role-based access controls, with full session logging for compliance investigations.
CSCRF mandates real-time monitoring of endpoints and the ability to feed security events into SOC workflows. For higher-tier REs, a Market-SOC with 24x7 monitoring and SIEM integration is required.
The Monitoring and Alerts module provides real-time notifications across security, hardware, software, disk, licence, and certificate events. Certificate Alerts proactively detect expiring, self-signed, or untrusted root CA certificates. All alert data is exportable and can be integrated into SIEM and SOC workflows.
CSCRF requires a documented and tested incident response plan. IT teams must be able to deploy remediation patches, push configuration changes, execute diagnostic scripts, and access affected endpoints remotely without delay.
Remote Script Execution enables PowerShell, Bash, and Python scripts to be run simultaneously across thousands of endpoints for rapid remediation. Remote Access and Troubleshooting Tools allow engineers to connect to any affected device instantly. Remote Power Management supports forced restarts and logoff actions to complete patch cycles without physical access.
CSCRF requires REs to submit cyber audit reports to SEBI and maintain audit trails covering patch status, encryption, software inventory, access logs, and security configuration.
Compliance and Reporting provides 100+ built-in report templates including pre-mapped templates for ISO 27001, PCI-DSS, HIPAA, GDPR, CIS, and NIST. Security Reports surface BitLocker gaps, firewall status, and antivirus health across all endpoints. Scheduled Report Delivery emails reports to stakeholders automatically in PDF, CSV, or XLS format.
The table below is a consolidated reference mapping each CSCRF endpoint obligation to the relevant Zecurit features, useful for audit preparation and internal compliance reviews.
| CSCRF Requirement | Zecurit Endpoint Manager Capability |
|---|---|
| Asset Inventory and Classification | Hardware Inventory; Software Inventory; Asset Discovery; Geo Location Tracking |
| Vulnerability Assessment and Patch Management | Patch Management; Vulnerability Management; CVSS Prioritisation; Patch Compliance Reports |
| Endpoint Security Solutions | Security Alerts; Firewall Configuration; AV/Antimalware Monitoring |
| Data Encryption at Rest | BitLocker Management; TPM Policy Management; Recovery Key Backup; BitLocker Compliance Reports |
| Device and Peripheral Control | Device Control; USB/Removable Storage Policies; Offline Policy Enforcement; Audit Device Logs |
| Secure Configuration Baselines | Configuration Management; Centralised Profile Management; Hardware/Software Change Alerts |
| Software Control and App Management | Software Alerts; Software Licence Management; Software Deployment; Prohibited Software Detection |
| Access Control and User Management | User and Group Management; Session Confirmation and Audit; User Logon Reports; Role-Based Access |
| Continuous Monitoring and SOC Integration | Real-Time Monitoring and Alerts; Certificate Alerts; Patch Status Monitoring |
| Incident Response Readiness | Remote Script Execution; Remote Access and Tools; Remote Power Management |
| Audit-Ready Compliance Reporting | 100+ Compliance Reports; ISO 27001 / PCI-DSS Templates; Scheduled Report Delivery; Security Reports |
SEBI's CSCRF is not a checkbox exercise. It requires regulated entities to demonstrate continuous security posture: patched endpoints, enforced configurations, encrypted drives, controlled peripherals, and evidence-ready reporting, every day, across every device in the organisation.
The framework's graded approach means compliance obligations will only expand as REs grow. Building the right endpoint management foundation now makes it significantly easier to scale compliance as your organisation and SEBI's requirements evolve together.
Zecurit Endpoint Manager addresses each of the CSCRF's core endpoint obligations from a single lightweight agent and a unified management console. There are no infrastructure dependencies, no complex integrations to maintain, and no separate tools to reconcile during audits.
Zecurit develops cloud-based IT management solutions designed for modern IT teams. The Zecurit platform helps organisations manage endpoints, track assets, enforce security policies, and securely support distributed workforces through centralised, easy-to-use tools.
To learn more about Zecurit Endpoint Manager and how it maps to your specific SEBI CSCRF tier requirements, start a free 14-day trial or contact the Zecurit team.