CONTROLLER OF CERTIFYING AUTHORITIES (CCA)
- The Controller of Certifying Authorities (CCA) was appointed by the Central Government under Section 17 of the Information Technology Act enacted in June, 2000.
- The IT Act promotes the use of Digital Signatures for e-Governance and e-Commerce through legal recognition to electronic records and treats digital signatures at par with hand written signatures.
- The Act defines the legal and administrative framework for the establishment of a Public Key Infrastructure (PKI) in the country for creating trust in the electronic environment.
- The CCA licenses Certifying Authorities (CA) to issue Digital Signature Certificates under the IT Act and also exercises supervision over the activities of these Certifying Authorities.
CYBER APPELLATE TRIBUNAL (CAT)
- The first and the only Cyber Court in the country have been established by the Central Government in accordance with the provisions contained under section 48(1) of the Information Technology Act, 2000.
- The court was initially known as the Cyber Regulations Appellate Tribunal (CRAT).
- The Tribunal after the amendment of the IT Act in the year 2009 is known as Cyber Appellate Tribunal (CAT).
INDIAN COMPUTER EMERGENCY RESPONSE TEAM (CERT-IN)
- CERT-IN is the national nodal agency set up under Section 70B of the Information Technology Act, 2000 to respond to computer security incidents as and when they occur.
- CERT-IN provides Incident Prevention and Response services as well as Security Quality Management Service.
- A state of the art Disaster Recovery (DR) site has been made optional at CDAC Bangalore which will take-up the essential IT services of CERT-IN.
- Security Assurance Framework: CERT-IN has taken steps to implement National Security Assurance Framework to create awareness in government and critical sector organizations and to develop and implement information security policy.
- National Cyber Security Policy: The National Cyber Security Policy was released in July, 2013 for public use and implementation by all relevant stakeholders.
- Crisis Management Plan: Crisis Management Plan (CMP) for countering cyber attacks and cyber terrorism had been approved by the National Crisis Management Committee (NCMC) for wider circulation and implementation.
- Cyber Security Drills: Indian Computer Emergency Response Team is carrying National Cyber Security mock drills with key sectors organizations to enable them in accessing their preparedness in dealing with cyber crisis situation.
- Security Cooperation and Collaborations: CERT-IN plays the role of mother CERT and is regularly interacting with the cyber security officers of sectorial CERTs in Defence, Finance, Power, Transport and other sectors to advise them in the matters related to cyber security.
- CERT-IN is a member of Forum of Incident Response and Security Teams (FIRST).
- CERT-IN has become Full Member of Asia Pacific CERT (APCERT) since August, 2008.
- CERT-IN has become Research Partner of Anti-Phishing Working Group (APVVG) to counter and develop best practices for containing phishing attacks.
- In the year 2011, CERT-In signed a MoU with US-CERT to enhance cooperation in the area of cyber security for rapid resolution of and recovery from cyber attacks.
- As part of MOU with National Computer Board, Mauritius, CERT-In is providing advice to make CERT, Mauritius fully operational and becoming member of Forum of Incident Response and Security Teams.
- Security Awareness: CERT-IN is conducting training workshops to train officials of Government, critical sector, public/ industry sectors, financial and banking sector and ISP’s on various contemporary and focused topics of information security.
- Cyber Forensics: Cyber Forensic Investigation Facility at CERT-IN had extended its technical support to National Investigation Agency (NIA), Serious Fraud Investigation Office (SFIO) and a few state police departments in investigation of some of the prime cases of cyber crimes, and setting up of cyber forensic labs.
- Network Traffic Scanning: CERT-In has set up a facility to gather useful network information from different IT networks across the country for meaningful analysis to detect and predict possibilities of cyber attacks.