NABARD Cyber Security Controls For Third Party ATM

Call Us

National Bank for Agriculture and Rural Development (NABARD) is an apex development financial institution of the country, outlined to address the of an organizational device for resolving credit related issues linked with rural development. The institution has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India” and is currently active in the development and implementation of the Financial Inclusion.

NABARD put forth a circular stating the necessity of implementing cyber security controls on the third-party payment ecosystem (ATM Switch) by the service providers for the cooperative banks and Regional Rural Banks. The agreement mandates the third-party ATM Switch ASP to comply with the cyber security controls given in the Annexure on an ongoing basis and to provide access to the RBI/NABARD for on-site/off-site supervision. The controls defined under the annexure are applicable to the ASP’s limited to the IT ecosystem providing ATM switch services as well as any other type of payment system related services to the banks.

Cyber Security Controls for ATM Switch Application Service Providers (ASPs):

Preventing access of unauthorized software
Environmental Controls
Network Management and Security
Secure Configuration
Application Security Life Cycle (ASLC)
Patch/Vulnerability and Change Management
User Access Control/Management
Data Leak prevention strategy
Audit Logs
Incident Response and Management
Advanced Real-time Threat Defence and Management
Vulnerability assessment and penetration Test
Forensics
Arrangement for continuous surveillance - Setting up of Cyber Security Operation Center (CSOC)
Compliance with various standards

Read the full document here:

The Auditor or the auditing firm meticulously verifies and categories elements of the system according to the guidelines. In case of any gaps in terms of compliance, the Auditor informs the bank regarding the non-compliance and offers solutions to ensure that everything is in line. Once all the required verification is carried out, the Auditor then gives the report the stamp of approval which showcases the reliability of the system provided by the company.

Audit Approach

Business Understanding

Evaluating business process and environment to understand the in-scope elements

Audit Scope Finalization

Detailed questionnaire shared with your teams to aid in the scope definition, planning and preparation of the audit and objectives

Initial/Readiness Assessment

As per the NABARD guidelines for 3rd Party ASPs, we will conduct an initial audit measuring the IT related risks to enhance the reliability of processes, critical system platforms, networks and physical components.

Risk Assessment

Identifying and analysing the risks in the information security posture.

Data Flow Assessment

Conducting thorough systems analysis to evaluate data flow and possible leakages

Remediation Support

As per the assessment QRC will provide remediation support for complying with the NABARD cybersecurity guidelines for each domain.

Scans And Testing

Identify critical vulnerabilities in your system with a robust testing approach

Evidence Review

Review of the evidence collected to assess their maturity, in line with the compliance

Final Audit

Post remediation, we conduct a final audit and review your evidence as identified during the audit. On successful closure, we will share the confirmation letter that all assets defined as per the scope meet the prescribed guidelines.

Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle.

Related Updates

A Go To Guide For Cybersecurity Technique.

The dependency on data is increasing as businesses and technologies evolve and so is the threat....