CERT-In sets the rules for digital trust

The Indian Computer Emergency Response Team (CERT-In) has released the Comprehensive Cyber Security Audit Policy Guidelines (Version 1.0, July 2025)—a decisive move to strengthen the nation's digital security framework. Designed to introduce uniformity, clarity, and accountability, the guidelines aim to ensure that audits across government, critical infrastructure, and private enterprises become reliable benchmarks for risk reduction rather than routine exercises.

More than a technical document, the policy serves as a blueprint for organisations to measure, manage, and improve their cybersecurity posture in a structured and auditable way.

ESTABLISHING A UNIFIED AUDIT FRAMEWORK

The guidelines define a structured audit process that spans planning, scope definition, technical assessments, asset discovery, vulnerability scanning, and evidence gathering. They prescribe how findings must be categorised by severity and presented in standardised reports.

By setting a reproducible lifecycle, CERT-In ensures that audits move beyond a box-ticking approach. Each assessment is intended to deliver verifiable results that reduce tangible risks, elevating the audit process into a meaningful component of cyber resilience.

EXPANDING SCOPE ACROSS CRITICAL SECTORS