CERT-In Certification Process

Ready Your Application Through CERT-In Security Audits!

About CERT-In

CERT-In, the Indian Computer Emergency Response Team, is the nodal organization responsible for safeguarding IT security and fostering cyber security practices throughout India. As part of strengthening IT security defences, CERT-In has made it mandatory for applications hosted in the public domain to undergo security audits by an auditor from its empanelled list.

Cereiv Advisory LLP is on CERT-In's empanelled list, with a service record of more than five years of healthy engagements with our customers, providing them with 'Safe to Host' certificates upon full compliance. Our team of qualified cyber security professionals conducts high-level security audits for applications.

CERT-In Certification Process

Our security audit process, based on an iterative methodology, helps customers earn the Safe to Host certificate they need.

Information gathering

This phase supports the audit by gathering all the inputs required to conduct it. It involves scope identification, inspection, and verification of the other prerequisites needed to perform the audit.

It also covers gathering information about the subject application and how it works. A better understanding of the application eases the testing phase that follows.

Initial Test

This phase involves various assessments and tests to uncover security vulnerabilities or threats lurking in your application infrastructure.

Automated Vulnerability Assessment: This security assessment phase uses vulnerability scanners or automated tools that crawl your applications, probing for security leaks and threats.

Manual penetration testing: It detects deep security issues and flaws that automated testing failed to surface. It is a must-do compliance step for a robust security review.

Remediation

The remediation phase follows the testing report, which includes testing details and a complete list of recorded vulnerabilities in priority order. The remediation report carries detailed snapshots of all application security flaws, including the action plan.

Action plan: The action plan is the roadmap for organizations to patch the recorded vulnerabilities. Action plans are specific and prioritized.

Guidance: While remediation efforts rest with the customer, our technical cyber security experts provide the guidance needed to apply the patches.

Retest

Once the customer has completed the remediation phase, we perform retests iteratively, ensuring everything is in line with the requirements.

Automated security assessments and manual penetration tests are run again on the applications to confirm vulnerability closure. If open vulnerabilities are found, organizations receive a retest report and are subject to further patching.

Safe to Host Certificate

After completion of the retest phase, security analysts verify that no open vulnerabilities remain and review the vulnerability closure status.

Our senior consultants then conduct a quality assurance check. If everything is in order, organizations get a closed report and a Safe to Host Certificate.

We also provide a status report showing open and closed vulnerabilities if no new vulnerabilities are detected but not all reported vulnerabilities are fixed.