CERT-In has mandated annual third-party cybersecurity audits for both public and private organisations, marking a major policy shift. The guidelines promote a risk-based, domain-specific approach aligned with global standards. Emphasising strategic use over compliance, the policy aims to boost India's cybersecurity resilience through continuous monitoring, skilled audits.