Who are AUAs and KUAs?
AUAs
Entities that use Aadhaar authentication services for their applications and services (e.g., banks for account opening, and telecom companies for SIM card issuance).
KUAs
Entities that use Aadhaar e-KYC services for verifying the identity of residents for KYC (Know Your Customer) purposes.
Governing Body
The Unique Identification Authority of India (UIDAI) is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act 2016”) on 12 July 2016 by the Government of India, under the Ministry of Electronics and Information Technology (MeitY). The Aadhaar Act 2016 has been amended by the Aadhaar and Other Laws (Amendment) Act, 2019 (14 of 2019) w.e.f. 25.07.2019.
Who conducts the audit?
Audits are conducted by CERT-In Empanelled Security Auditors. These are entities authorized by the Indian government’s Computer Emergency Response Team (CERT-In) to perform security audits for organizations handling sensitive data.
WeSecureApp Cert-in empanelled Audit
As a CERT-In Empanelled Security Auditor, WeSecureApp is authorized to conduct comprehensive UIDAI – AUA KUA Compliance Security Audits for organizations handling Aadhaar data. We are committed to ensuring the confidentiality, integrity, and availability of this sensitive information, safeguarding the privacy of Indian residents.
How it works?
Audit Methodology
We share audit charter with the auditee highlighting the roles and responsibilities of the audit function as well as the audit objectives
Audit Initiation
We provide Auditee a DRL highlighting the required policies and further analysis of the same will be performed in line with the compliance
Document
Requirement List
Quantitative/Qualitative Risk Assessment will be conducted for every business process in scope and risk will be analyzed
Identification &
Analysis
Action points as well as risk response methodology will be suggested via GAP Assessment Report and an action plan will be asked from the auditee
Risk Response
We conduct review again post-deployment of the mitigations
Post-Deployment
Review
The common vulnerabilities we tackled in the past
The most frequent application vulnerabilities are not very different from the OWASP top 10 list.
Accounts Takeover
Subdomain Takeover
Blind XSS to Compromise Admin Panels
Sensitive Info Leakage on Public Repos
Remote Code Executions
Source Code Leakage
Broken Authentication
Broken Session Management
Broken Access Control
Cross-Site Request Forgery
Do you know?
Want a quick Audit?
Detect & prevent attacks, before they succeed.
Stay ahead of the rapidly evolving threat landscape and keep your data protected without having to spend a fortune.
What does the audit cover?
The audit typically covers various aspects of the AUA/KUA’s security practices, including
Data Security
Encryption, access control, data storage, breach prevention, and incident response mechanisms
System and Network Security:
Security of IT infrastructure, networks, and applications used for Aadhaar services
Compliance with UIDAI Regulations:
Adherence to the Information Security Policy, Authentication Users Manual, and other relevant guidelines.
Documentation and Training:
Existence of proper documentation and training for personnel handling Aadhaar data.
Our comprehensive audit services cover
In-depth Assessment
We thoroughly examine your AUA/KUA systems, processes, and controls against UIDAI’s stringent security requirements
Expertise in Information Security
Our team of certified security specialists possesses extensive experience in identifying and addressing vulnerabilities in Aadhaar-related systems
Compliance Guidance
We provide clear recommendations and support to ensure your organization achieves and maintains compliance with UIDAI regulations.
Tailored Solutions
We address your unique security challenges and create effective strategies to mitigate risks and protect Aadhaar data.
CERT-In Compliance
Our audits align with CERT-In guidelines, ensuring the highest quality and credibility of our assessments
What do you get?
Audit Draft
Report
Draft report of the audit emphasizing the initial discoveries/findings.
Remediation
Support
Through a GAP Assessment Report, remediations to the identified non-compliant controls will be advised.
Final Audit
Report
A comprehensive report that elaborates the final audit findings.
Compliance Letter
A letter that confirms that the requirements are met and all the applicable controls/regulations are fulfilled.
Take a peek into sample report
Our deliverables are comprehensive in nature that addresses both technical and business audiences.
Have you implemented the right security practice?
WE ARE CERTIFIED
TRUST WE GAINED
