National Bank for Agriculture and Rural Development (NABARD) is an apex development financial institution of the country, established to address the need for an organizational device for resolving credit-related issues linked with rural development. The institution has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India” and is currently active in the development and implementation of financial inclusion.

NABARD issued a circular stating the necessity of implementing cyber security controls on the third-party payment ecosystem (ATM Switch) by the service providers for the cooperative banks and Regional Rural Banks. The agreement mandates the third-party ATM Switch ASP to comply with the cyber security controls given in the Annexure on an ongoing basis and to provide access to the RBI/NABARD for on-site/off-site supervision. The controls defined under the Annexure apply to the ASPs, limited to the IT ecosystem providing ATM switch services as well as any other type of payment-system-related services to the banks.

Cyber Security Controls for ATM Switch Application Service Providers (ASPs):

  • Preventing access of unauthorized software

  • Environmental Controls

  • Network Management and Security

  • Secure Configuration

  • Application Security Life Cycle (ASLC)

  • Patch/Vulnerability and Change Management

  • User Access Control/Management

  • Data Leak prevention strategy

  • Audit Logs

  • Incident Response and Management

  • Advanced Real-time Threat Defence and Management

  • Vulnerability assessment and penetration Test

  • Forensics

  • Arrangement for continuous surveillance - Setting up of Cyber Security Operation Center (CSOC)

  • Compliance with various standards

The Auditor or the auditing firm meticulously verifies and categorizes elements of the system according to the guidelines. In case of any gaps in compliance, the Auditor informs the bank of the non-compliance and offers solutions to bring everything in line. Once all the required verification is carried out, the Auditor gives the report the stamp of approval, which showcases the reliability of the system provided by the company.

Audit Approach

NABARD 3rd Party ASP Cybersecurity Services

Working alongside RBI & NABARD Guidelines, QRC helps your organization with a wholesome approach, dealing with 3rd Party ATM Switch and infra controls. Our services are as follows:

Cyber Security Framework Services

  • Secure configuration of the ATM Infrastructure.

  • Vulnerability Assessment and Penetration Testing

  • Information Security Risk Assessment

  • Cyber Security Implementation

  • Cyber Security Audit and Assurance services (Cert-In Empaneled)


Aligning your organization's controls with the ATM Switch ASP Cybersecurity Framework significantly reduces the impact in the wake of a cybersecurity incident. Banks need to assess their cybersecurity preparedness under the active guidance of a CERT-IN empaneled auditor. The audit will significantly help in:

  • Establishing strong governance collaboration within industry advanced real-time capabilities

  • Identifying gaps w.r.t. the Cyber Security/Resilience Framework and closing them effectively

  • Updating the measurement criteria for assessing effectiveness of controls, including the risk assessment and risk management methodology followed by the bank

  • Improving customer trust and building cyber resilience

"As a CERT-IN empaneled body, QRC is authorized to help you understand, manage and comply with IRDA’s Cyber Security requirements as published in the IRDA’s Guidelines on Insurance E-Commerce on a periodic basis."
