Platform

Why Rakuten SixthSense

Protect all your APIs from threats automatically with industry-first solutions

Why API Security

APIs power over 80% of internet traffic, but their security remains neglected

Instant API Threat Scan

Think your APIs are secure?

Find out in 5 minutes with an Instant Vulnerability Scan. No integration required.

Try Now

Solutions

INDUSTRIES

COMPLIANCES

RBI

Cert-in

NIST

PCIDSS

HIPAA

SOC2

Explore Compliances

Comply with global
regulations in minutes

APIs power your applications and carry sensitive data. Global mandates require organizations to secure PII across API networks....

Pricing

Resources

Educate

Blogs

Case Studies

Review & Reports

eBooks

Featured

The first step towards securing your APIs is understanding the risks. Find out all about the OWASP Top 10 API risks...

Integrations

Kong

NGINX

AWS

GCP

See More Integrations

Documentation

Security Center

Your API Security Snapshot

Vulnerability

Centralized Flaw Tracking

API Endpoints

Inventory and Deep Analysis

Analytics

Operational and Usage Insights

Anomaly

Behavioral and Threat Detection

Admin Panel

Control and Governance

See Complete Documentation

New

See how it works

Find out how Rakuten SixthSense maps your endpoints, gives you developer-friendly insights, and highlights vulnerabilities and anomalies

Product Tour Get Started Free

EBook

CERT-In Cybersecurity
Audit Mandate,
Effective July 2025

CERT-In, the Indian Computer Emergency Response Team, is the national nodal agency for responding to computer security incidents. In July 2025, CERT-In released a new mandate requiring all public and private organizations to undergo comprehensive annual cybersecurity audits, exclusively conducted by auditors who are officially empanelled by CERT-In.

Who Must Comply?

All Organizations operating in India, regardless of sector or size.

CERT-In Audit Mandate Coverage

Read

Auditee Responsibilities

	Governance & Oversight	Approve, oversee, and regularly review audit strategy and corrective actions. Annual reporting of audit program scope, frequency.
	Audit Scope Definition	Define comprehensive scope: all IT, OT/ICS, cloud, APIs, and data environments.
	Remediation & Follow-up	Implement recommended changes quickly. Patch vulnerabilities; facilitate follow-up audits as needed.
	Asset & Configuration Management	Maintain a full, updated inventory of hardware, software, and APIs. Enforce hardened, secure configurations (disable unused ports, secure defaults, principle of least privilege). Robust patch management.
	Monitoring & Secure Dev	Run ongoing internal security audits and risk reviews. Build secure coding and "secure by design" into projects from RFP stage onward. Version control and change management for audit artefacts/infrastructure.
	Active Audit Participation	Attend all kick off/exit meetings with auditors. Limit audit info access to essential staff; avoid "cosmetic" fixes.
	Risk Acceptance	Leadership must formally document and approve any risk exceptions.
	Data Handling	Securely store all audit artefacts (hashes, logs, evidence). Apply strict access control and data disposal per CERT-In guidelines.
	Continuous Improvement	Use audits to drive tangible, ongoing security enhancements. Move beyond "checkbox" compliance to true risk reduction.