SBOM Technical Guidance for India

India CERT-in SBOM Technical Guidance

CERT-In, or the Indian Computer Emergency Response Team, is the national agency responsible for responding to cybersecurity incidents in India. Established in 2004 and operating under the Ministry of Electronics and Information Technology (MeitY), CERT-In is tasked with improving the security of India's digital infrastructure. The organization plays a crucial role in preventing, detecting, and responding to cybersecurity threats that could affect Indian networks, government agencies, businesses, and citizens. CERT-In has also made it mandatory for certain sectors to report cybersecurity incidents within specified timelines to improve incident response and national security.

In October, CERT-in released SBOM technical guidelines for Indian public sector, government, essential services, organizations involved in software export and software services industry.  This 7-chapter document focuses on outlining the value of SBOM, setting up proceses and practices and lists recommendations and best practices.

In this post, we capture the key aspects of the guidance.