UIDAI Compliance Audit – AUA

Authentication User Agency (AUA) is an entity engaged in providing Aadhaar Enabled Services to Aadhaar number Holder, using the authentication as facilitated by the Authentication Service Agency (ASA). An AUA may be government / public / private legal agency registered in India, that uses Aadhaar authentication services of UIDAI and sends authentication requests to enable its services / business functions.
As per UIDAI Guidelines, the client application is to be audited by information systems auditor(s) certified by CERT-IN and compliance audit report to be submitted to UIDAI.
CERT-IN (Computer Emergency Responses Team – India) is the Central Nodal Agency responsible for any Computer Security Incidents in the Indian subcontinent. The empanelled auditors will assess the information security risks and determine the effectiveness of information security controls over information resources and assets that support operations in the auditee organizations on their request. As a part of any audit, the auditors may interview key personnel, conduct vulnerability assessments & penetration testing, catalogue existing security policies and controls, and examine IT assets