India was recently nominated as Chair of the Common Criteria Development Board (CCDB) for the period April 2026 to April 2028. With reference to India's cybersecurity and information-technology assurance architecture, which one of the following statements is INCORRECT?
AThe Indian Computer Emergency Response Team (CERT-In), established in 2004 and given statutory recognition under Section 70B of the Information Technology Act, 2000, is the national nodal agency for responding to cybersecurity incidents; it operates under the Ministry of Electronics and Information Technology (MeitY).
BThe National Critical Information Infrastructure Protection Centre (NCIIPC), constituted in 2014 under Section 70A of the Information Technology Act, 2000, is the national nodal agency for the protection of critical information infrastructure (defined as those facilities and assets, the destruction of which would have a debilitating impact on national security, economy, public health or safety); it operates under the National Technical Research Organisation (NTRO).
CIndia has been a Certificate-Authorizing Member of the Common Criteria Recognition Arrangement (CCRA) since 2013, with the Standardisation, Testing and Quality Certification Directorate (STQC) — an attached office of MeitY — acting as the national Certification Body for evaluating IT security products against the Common Criteria (ISO/IEC 15408).
DThe National Cyber Security Coordinator (NCSC), set up in 2014 within the Office of the National Security Advisor at the Prime Minister's Office, is a CONSTITUTIONAL body established under Article 73 of the Constitution; its decisions are legally binding on all civilian Ministries and the armed forces of the Union.