RBI Cyber Security Framework Compliance Report

Overview

This report performs a technical assessment of your AWS environment against select controls from the RBI Cyber Security Framework, as outlined by the Reserve Bank of India in its IT Governance and Cyber Security requirements for regulated entities. The focus is on Annex I, which sets minimum baseline standards for risk identification, control enforcement, monitoring, and response.

This assessment evaluates your environment against the following RBI Cyber Security controls:

Annex I – Control Objectives:

• 1.1 – Board-approved cyber security policy and governance framework
• 1.3 – Identification of critical assets and protection of customer data
• 5.1 – Establishment of a Security Operations Centre (SOC) with appropriate telemetry and alerting capabilities
• 6 – Continuous vulnerability scanning, patching, and configuration reviews
• 7.1 – Logical access control and multi-factor authentication for all remote and administrative access
• 7.2 – Identity lifecycle management and periodic user access reviews
• 7.3 – Strong password policies and credential handling
• 7.4 – Time-bound access provisioning and revocation processes
• 12 – Audit log integrity, secure retention, and real-time analysis for suspicious activity

The assessment reviews AWS services such as IAM, GuardDuty, CloudTrail, VPC, and S3 to determine compliance with RBI’s cyber security objectives.

Upon completion, you will receive a detailed report identifying passed and failed controls, along with prioritized remediation actions to improve alignment with RBI Cyber Security expectations.