India on IntelliXBOMhttps://intellixbom.com/tags/india/Recent content in India on IntelliXBOMHugoen-usMon, 13 Apr 2026 18:00:00 +0530SEBI's CSCRF Names SBOMs Here's What GV.SC.S5 Actually Demands (and Where It Still Leaves Gaps)https://intellixbom.com/blog/sebi-cscrf-sbom-gv-sc-s5-capital-markets/Mon, 13 Apr 2026 18:00:00 +0530https://intellixbom.com/blog/sebi-cscrf-sbom-gv-sc-s5-capital-markets/<p>When SEBI published its <strong>Cybersecurity and Cyber Resilience Framework (CSCRF)</strong> in August 2024 (<strong>Circular SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113</strong>, 20 August 2024), many teams scanned the document for one question: <em>does the capital markets regulator treat software supply chain risk as a first class problem?</em></p> <p>The answer is <strong>yes, explicitly</strong>. Under <strong>Governance → Supply Chain Risk Management</strong>, Standard <strong>GV.SC.S5</strong> mandates <strong>Software Bills of Materials (SBOMs)</strong> for Regulated Entities (REs), with <strong>SolarWinds</strong> and <strong>Apache Log4j</strong> cited as motivating context. That level of specificity is unusual and welcome for a financial sector framework.</p>Don't Trust the SBOM Your Vendor Gave Youhttps://intellixbom.com/blog/dont-trust-vendor-sbom-certin/Thu, 09 Apr 2026 12:00:00 +0530https://intellixbom.com/blog/dont-trust-vendor-sbom-certin/<p>Regulators across the world are finally getting serious about the software supply chain. India&rsquo;s CERT-In SBOM Technical Guidelines (v2.0, July 2025) go beyond just SBOMs they extend to a broader BOM ecosystem, including CBOM, QBOM, AIBOM, and HBOM. This makes the requirement not just about software components, but about understanding the full composition of modern systems.</p> <p>Globally, the direction is the same whether it&rsquo;s the US Executive Order 14028, the EU Cyber Resilience Act, RBI Advisory 11/2024, or MeitY&rsquo;s 2025 guidelines.</p> Your Vendor NDA Won't Stop a Supply Chain Attackhttps://intellixbom.com/blog/irdai-cybersecurity-2026/Mon, 06 Apr 2026 00:00:00 +0000https://intellixbom.com/blog/irdai-cybersecurity-2026/<p><strong>IRDAI&rsquo;s New Rules Won&rsquo;t Save You.</strong></p> <p><em>What the 2026 IRDAI Guidelines on Information and Cyber Security for Regulated Entities get right, what they miss, and the one capability every regulated insurer needs to deploy now.</em></p> <hr> <p>The Insurance Regulatory and Development Authority of India (IRDAI) has significantly raised the bar with its amended Cybersecurity Guidelines 2023 (Annexure A). For every insurer and insurance intermediary operating in India, these amendments are not optional fine print they are a direct signal that cybersecurity governance must now match the sophistication of today&rsquo;s threat landscape.</p>