The licensing of cybersecurity service providers (CSPs), accreditation of cybersecurity establishments (CEs), and certification of cybersecurity professionals (CPs) have all begun, according to the Cyber Security Authority (CSA).
This is in accordance with Sections 4(k), 49, 50, 51, 57, and 59 of the Cybersecurity Act, 2020 (Act 1038), which directs the Authority to oversee the aforementioned actions.
According to a statement made by the Authority, the goal of the regime is to certify that CSPs, CEs, and CPs provide their services in accordance with approved standards and procedures in line with national requirements and industry best practices. It also aims to ensure regulatory compliance with the Cybersecurity Act, 2020 (Act 1038).
The license and accreditation framework will apply to both new and current CSPs, CEs, and CPs as of March 1, 2023. Vulnerability Assessment and Penetration Testing (VAPT), Digital Forensics Services, Managed Cybersecurity Services, Cybersecurity Governance, Risk and Compliance (GRC), and Cybersecurity Training are the first five important categories in which CSA will license Cybersecurity Service Providers.
According to the legislation, cybersecurity experts who possess the necessary training, can demonstrate their proficiency, and have work experience must also be accredited in the aforementioned fields.
Facilities providing Managed Cybersecurity Services and Digital Forensics in the nation will both need to be accredited as Cybersecurity Establishments.