NABARD Cyber Security controls for 3rd party ATM Switch ASP

NABARD Cyber Security controls for Third party ATM Switch Application Service Providers

National Bank for Agriculture and Rural Development (NABARD) is an apex development financial institution of the country, outlined to address the of an organizational device for resolving credit related issues linked with rural development. The institution has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India” and is currently active in the development and implementation of the Financial Inclusion.

NABARD put forth a circular stating the necessity of implementing cyber security controls on the third-party payment ecosystem (ATM Switch) by the service providers for the cooperative banks and Regional Rural Banks. The agreement mandates the third-party ATM Switch ASP to comply with the cyber security controls given in the Annexure on an ongoing basis and to provide access to the RBI/NABARD for on-site/off-site supervision. The controls defined under the annexure are applicable to the ASP’s limited to the IT ecosystem providing ATM switch services as well as any other type of payment system related services to the banks.

Cyber Security Controls for ATM Switch Application Service Providers (ASPs):

  1. Preventing access of unauthorized software
  2. Environmental Controls
  3. Network Management and Security
  4. Secure Configuration
  5. Application Security Life Cycle (ASLC)
  6. Patch/Vulnerability and Change Management
  7. User Access Control/Management
  8. Data Leak prevention strategy
  9. Audit Logs
  10. Incident Response and Management
  11. Advanced Real-time Threat Defense and Management
  12. Vulnerability assessment and penetration Test
  13. Forensics
  14. Arrangement for continuous surveillance - Setting up of Cyber Security Operation Center (CSOC)
  15. Compliance with various standards

Read the full document here:

The Auditor or the auditing firm meticulously verifies and categories elements of the system according to the guidelines. In case of any gaps in terms of compliance, the Auditor informs the bank regarding the non-compliance and offers solutions to ensure that everything is in line. Once all the required verification is carried out, the Auditor then gives the report the stamp of approval which showcases the reliability of the system provided by the company.

NABARD 3rd Party ASP Cybersecurity Services

Working alongside RBI & NABARD Guidelines, QRC helps your organization with a wholesome approach, dealing with 3rd Party ATM Switch and infra controls. Our services are as follows:

Cyber Security Framework Services

  • Secure configuration of the ATM Infrastructure.
  • Vulnerability Assessment and Penetration Testing
  • Information Security Risk Assessment
  • Cyber Security Implementation
  • Cyber Security Audit and Assurance services (Cert-In Empaneled)

Aligning your organization controls as per the ATM Switch ASP Cybersecurity Framework significantly reduces the impact in wake of a cybersecurity incident. Banks need to assess their cybersecurity preparedness under the active guidance of a CERT-IN empaneled auditor. The audit will significantly help in:

  • Establishing strong governance collaboration within industry advanced real-time capabilities
  • Identifying gaps w.r.t. Cyber Security/Resilience Framework and closing it effectively
  • Update the measurement criteria for assessing effectiveness of controls including the risk assessment and risk management methodology followed by the bank
  • Improve customer trust and build cyber resilience

As a CERT-IN empaneled body, our solutions and implementation follow complete guidelines and are easy to combine with the infrastructure. We assist you with Cyber Security Incidents and Events, measuring the Control Effectiveness and User Training and Awareness.

Get Free Consultation