The 2024 CERT-In Audit Checklist for Startups
Preparing for a CERT-In audit can feel overwhelming. To help you streamline the process, we've compiled a technical checklist based on the latest 2024 standards for web and mobile applications.
Identity & Access Management
- Implement MFA on all admin panels
- Enforce strong password policies
- Conduct quarterly access reviews
Data Security
- Encrypt all sensitive data at rest (AES-256)
- Use TLS 1.3 for data in transit
- Implement database activity monitoring
Network Security
- Configure WAF for OWASP Top 10
- Perform monthly internal vulnerability scans
- Isolate production from dev/stage environments
Endpoint Protection
- Deploy EDR/AV on all critical servers
- Disable unused ports and services
- Enable centralized log management (SIEM)
Remember: A checklist is just the beginning. A true CERT-In audit involves manual exploitation that a static checklist cannot fully capture.
Ready for the real thing?
Download our full technical documentation or speak with an auditor to map your environment.
Need Help Patching Gaps?
Our remediation support team works with your developers to fix vulnerabilities found during the audit.
