Cyber Security – CERTs, Policy, etc

[pib] CERT-In authorized as CVE Numbering Authority (CNA)

Note4Students

From UPSC perspective, the following things are important :

Prelims level : CNA, CVE Program, CERT-IN

Mains level : Cyber security challenges for India

CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program and has been authorized as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.

What is CVE Program?

  • CVE is an international, community-based effort and relies on the community to discover vulnerabilities.
  • The vulnerabilities are discovered then assigned and published to the CVE List.
  • Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
  • Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.

Mission of the Program

  • The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
  • The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.

Who are the CNAs?

  • CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record.
  • The CVE List is built by CVE Numbering Authorities (CNAs).
  • Every CVE Record added to the list is assigned by a CNA.
  • The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
  • Each CNA has a specific Scope of responsibility for vulnerability identification and publishing.

Back2Basics: Indian Computer Emergency Response Team (CERT-IN)

  • CERT-IN is an office within the Ministry of Electronics and Information Technology.
  • It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens the security-related defense of the Indian Internet domain.
  • It was formed in 2004 by the Government of India under the Information Technology Act, 2000 Section (70B) under the Ministry of Communications and Information Technology.

 

UPSC 2022 countdown has begun! Get your personal guidance plan now! (Click here)

Subscribe
Notify of
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Hank Fried
Hank Fried
6 months ago

Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. https://www.solution2pass.com/8010-questions.html