In this study, I aim to analyze and understand how compliance and regulatory frameworks operate, with a focus on identifying the differences between global policies and Indian government policies in managing Identity and Access Management (IAM

In India, CERT-In (Computer Emergency Response Team) is managed by the Ministry of Electronics and Information Technology. There are strict guidelines to manage incidents and reporting key mandates (2022): including businesses, government bodies, service providers, and data centers — all must report specific types of cybersecurity incidents to CERT-In within 6 hours. Other key requirements include 180-day log retention, local log storage, and NTP synchronization.