CBSE Re-evaluation Portal: Security and Implementation Details
The Central Board of Secondary Education (CBSE) has received final security clearance for its examiner-facing re-evaluation portal, following a comprehensive cybersecurity review led by IIT experts.
Background and Development
- The portal's clearance marks the next step in reassessing Class 12 answer scripts, initially delayed due to vulnerabilities identified in CBSE's digital systems.
- The IIT teams, responsible for the security audit, remain on standby to address any new issues during the re-evaluation process.
Changes in Platform and Workflow
- CBSE opted to migrate student and examination data from the Coempt EduTeck platform to its own infrastructure, redesigning the workflow to enhance control and security.
Cybersecurity Recommendations
- The IIT-led teams are preparing recommendations for the Education Ministry and CBSE, advocating for cybersecurity considerations from the early stages of software development.
- A "red-teaming" exercise by an independent group is recommended for testing software robustness before deployment.
Security Testing and Methodology
- The audit utilized the "red team-blue team" method:
- The "blue" team, comprising original developers and experts from IIT Madras and the Digital India Corporation, focused on fixing vulnerabilities.
- The "red" team from IIT Kanpur attempted to identify system weaknesses.
- The final testing phase revealed no significant vulnerabilities, allowing the portal to be cleared for use.
Re-evaluation Process Implementation
- The examiner-facing platform, previously unavailable, is now accessible for examiners to handle re-evaluation requests.
- Examiners will review only specific questions flagged by students, accessing scanned scripts digitally on tablets.
- The original evaluator's marks will be hidden to promote unbiased independent assessments.
