Vaarta.space
Back to Blog
2026-04-18· 6 min read

CERT-In Compliance Guide — 6-Hour Incident Reporting & Log Retention | Vaarta

Decode CERT-In directives into actionable steps. Incident reporting within 6 hours, 180-day log retention, NTP sync, and technical controls for Indian businesses.

CERT-In Compliance India Incident Reporting

Key Directives

1. Incident Reporting: Report within 6 hours to incident@cert-in.org.in

2. Log Retention: Maintain 180 days rolling, within Indian jurisdiction

3. NTP Sync: All systems must sync with approved NTP servers


Implementation Timeline

  • 30 Days: Designate contact, set up reporting, configure NTP
  • 90 Days: Implement 180-day log retention, create IR playbook
  • 180 Days: Automate logging, conduct drills, regular audits

    • What to Report

    Targeted attacks, unauthorized access, data breaches, ransomware, website defacement.


    Vaarta.space

    Provides continuous security scanning to help detect misconfigurations that could be exploited.


    Conclusion

    CERT-In compliance is mandatory. Start with incident reporting and log retention.


    Related Articles

    2026-05-25

    DPDP Act 2023 Compliance Checklist for Indian Websites | Vaarta

    Complete DPDP Act 2023 compliance checklist for Indian websites. Check if your site meets data protection requirements with actionable security steps.

    2026-05-10

    DPDP Act Step-by-Step Implementation Guide for Indian Businesses | Vaarta

    Practical DPDP Act implementation guide. Data mapping, consent mechanisms, security controls, breach notification procedures, and compliance checklist.

    2026-04-25

    India Cyber Threat Landscape 2026 — Ransomware, Phishing Statistics | Vaarta

    India cyber threats 2026 report. Ransomware statistics, phishing attack vectors, sector-specific risks, and compliance requirements for Indian organizations.

    Ready to check your domain security?

    Run a free scan to identify potential vulnerabilities.

    Start Free Scan