National Bank for Agriculture and Rural Development (NABARD) is an apex development financial institution of the country, outlined to address the of an organizational device for resolving credit related issues linked with rural development. The institution has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India” and is currently active in the development and implementation of the Financial Inclusion.

NABARD put forth a circular stating the necessity of implementing cyber security controls on the third-party payment ecosystem (ATM Switch) by the service providers for the cooperative banks and Regional Rural Banks. The agreement mandates the third-party ATM Switch ASP to comply with the cyber security controls given in the Annexure on an ongoing basis and to provide access to the RBI/NABARD for on-site/off-site supervision. The controls defined under the annexure are applicable to the ASP’s limited to the IT ecosystem providing ATM switch services as well as any other type of payment system related services to the banks.

Cyber Security Controls for ATM Switch Application Service Providers (ASPs):

  • Preventing access of unauthorized software

  • Environmental Controls

  • Network Management and Security

  • Secure Configuration

  • Application Security Life Cycle (ASLC)

  • Patch/Vulnerability and Change Management

  • User Access Control/Management

  • Data Leak prevention strategy

  • Audit Logs

  • Incident Response and Management

  • Advanced Real-time Threat Defence and Management

  • Vulnerability assessment and penetration Test

  • Forensics

  • Arrangement for continuous surveillance - Setting up of Cyber Security Operation Center (CSOC)

  • Compliance with various standards

Read the full document here:

The Auditor or the auditing firm meticulously verifies and categories elements of the system according to the guidelines. In case of any gaps in terms of compliance, the Auditor informs the bank regarding the non-compliance and offers solutions to ensure that everything is in line. Once all the required verification is carried out, the Auditor then gives the report the stamp of approval which showcases the reliability of the system provided by the company.

Audit Approach


Business Understanding

Evaluating business process and environment to understand the in-scope elements


Audit Scope Finalization

Detailed questionnaire shared with your teams to aid in the scope definition, planning and preparation of the audit and objectives


Initial/Readiness Assessment

As per the NABARD guidelines for 3rd Party ASPs, we will conduct an initial audit measuring the IT related risks to enhance the reliability of processes, critical system platforms, networks and physical components.


Risk Assessment

Identifying and analysing the risks in the information security posture.


Data Flow Assessment

Conducting thorough systems analysis to evaluate data flow and possible leakages


Remediation Support

As per the assessment QRC will provide remediation support for complying with the NABARD cybersecurity guidelines for each domain.


Scans And Testing

Identify critical vulnerabilities in your system with a robust testing approach


Evidence Review

Review of the evidence collected to assess their maturity, in line with the compliance


Final Audit

Post remediation, we conduct a final audit and review your evidence as identified during the audit. On successful closure, we will share the confirmation letter that all assets defined as per the scope meet the prescribed guidelines.


Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle.

Related Updates

LinkedIn Facebook Twitter Youtube

We use cookies to enhance your user experience. By continuing to browse, you hereby agree to the use of cookies. Know more Privacy Policy & Cookies Policy.