NABARD's Cyber Security Framework for Regional Rural Banks

A Guided Path to Strengthening Digital Banking


Four-Tiered Framework and Tailored Controls for RRB Cyber Security

Levels of Cyber Security Controls

Level 1 (All RRBs)

RRBs must adopt baseline cyber security and resilience requirements as outlined in Annexure-I. This includes measures like inventory management of business IT assets, cyber crisis management plans, and user access control.

Level 2 (RRBs with Internet or Mobile Banking)

RRBs offering digital banking services need to implement additional controls specified in Annexure-II, on top of the Level 1 controls. This level introduces aspects such as application security lifecycle, anti-phishing measures, and periodic testing.

Level 3 (RRBs with Advanced Digital Interfaces)

If RRBs have their own ATM switch or SWIFT interface, they need to follow the advanced controls detailed in Annexure-III, in addition to the controls from Level 1 and 2. This includes advanced real-time threat defense and management, as well as risk-based transaction monitoring.

Level 4 (Digitally Advanced RRBs)

RRBs with a data center or those providing software support to other banks must implement an even more advanced set of controls outlined in Annexure-IV, alongside all the controls from previous levels. This level includes setting up a Cyber Security Operation Centre (C-SOC) and developing an IT and Information Security Governance Framework.

Self-Assessment & Timely Compliance


– RRBs are encouraged to undertake a self-assessment to identify their respective levels based on the given criteria.

– It’s imperative for the Board of Directors to oversee the information security of the bank.

– RRBs should comply with the prescribed control requirements within the timelines stipulated in the circular.

The Vulnerability Index for Cyber Security Framework (VICS)

Level 1 (All RRBs)

– Utilize the VICS tool to assess the cyber security posture of your bank, as a guide to establish and enhance cyber security controls.


Controls to be Implemented by Respective Levels

Level 1 (All RRBs)

Under this level, RRBs are required to adhere to basic cyber security controls as specified in Annexure-I, which includes:

– Inventory Management of Business IT Assets

– Board approved Cyber Security Policy distinct from IT policy

– Cyber Crisis Management Plan

– Secure Mail and Messaging Systems

– User Access Control/Management

– Antivirus and Patch Management

– Environmental Controls and Network Management

Level 2 (RRBs with Internet or Mobile Banking)

In addition to Level 1 controls, RRBs in this category must implement further controls listed in Annexure-II, such as:

– Application Security Lifecycle (ASLC)

– Change Management and Periodic Testing

– Anti-Phishing Measures

– Authentication Framework for Customers

– Incident Response and Management

– Enhanced User/Employee/Management Awareness

Level 3 (RRBs with Advanced Digital Interfaces)

RRBs at this level need to adhere to the controls of Level 1 and 2, plus additional controls from Annexure-III, which include:

– Advanced Real-time Threat Defense and Management

– Risk-based Transaction Monitoring

– Maintenance, Monitoring, and Analysis of Audit Logs

– Enhanced Incident Response and Management 

Level 4 (Digitally Advanced RRBs)

Alongside the controls from previous levels, RRBs here are required to implement advanced controls as outlined in Annexure-IV, like:

– Establishment of Cyber Security Operation Centre (C-SOC)

– IT and IS Governance Framework

– Participation in Cyber Drills

– Forensics and Metrics

– Security Team/Function establishment

– Continuous Surveillance and Incident Response Management

Your Path to NABARD Compliance Begins with a Free Consultation

We can support you in adhering to NABARD’s Cyber Security Framework for Regional Rural Banks.
