Reporting to the CBB
CRA-5.8.33
Upon occurrence or detection of any
cyber security incident or detection of any unplanned outages, whether internal or external, that compromises client information or disrupts critical services that affect operations,licensees must contact the CBB, immediately (within one hour), on 17547477 and submit Section A of the Cyber Security Incident Report (Appendix-B) to the CBB’s cyber incident reporting email, incident.cra@cbb.gov.bh, as soon as possible, but not later than two hours, following occurrence or detection of any cyber incidents.Added: April 2023CRA-5.8.34 CRA-5.8.34
Following the submission referred to in Paragraph CRA 5.8.33, the
licensee must submit to the CBB Section B of the Cyber Security Incident Report (Appendix B) within 10 calendar days of the occurrence of the cyber security incident.Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and clients, and all measures taken by the licensee to stop the attack, mitigate its impact and to ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.Added: April 2023CRA-5.8.35
With regards to the submission requirement mentioned in Paragraph CRA-5.8.34, the
licensee should submit the report with as much information as possible even if all the details have not been obtained yet.Added: April 2023CRA-5.8.36
The vulnerability assessment and penetration testing report (see Paragraph CRA-5.8.13I), along with the steps taken to mitigate the risks must be maintained by the
licensee for a five-year period from the date of the report.Added: April 2023
