The Central Board of Secondary Education (CBSE) received its final cybersecurity clearance for the examiner-facing re-evaluation portal on Friday night, June 6, 2026, following the last round of security testing by the IIT-led red team and blue team audit, clearing the way for the full reassessment of Class 12 answer scripts to begin. The development was first reported by The Indian Express on June 8, 2026, citing officials with direct knowledge of the process.
An IIT official confirmed: “From our side, we gave a green signal on Friday night. Whatever we found has been fixed and we could not find anything more. There may be some minor vulnerabilities, but nothing that would have any impact.”
This is a critical milestone for the over 70,000 students who had submitted valid requests for verification of marks and re-evaluation before the June 7 midnight deadline. While students had been able to submit requests since the portal opened on June 2, actual examiner-level access to answer scripts was blocked until the security clearance was formally issued.
What Changed: Coempt Data Shifted to CBSE Servers
A key development that was confirmed by an IIT official speaking to ANI on June 6 is that CBSE has retained COEMPT Eduteck Pvt Ltd for the limited purpose of scanning answer sheets for the re-evaluation process. However, all data and records from the OSM system have been moved from Coempt’s vendor servers to CBSE-controlled infrastructure.
The IIT official stated: “The scanned answer scripts and associated data were originally hosted on the vendor’s servers. We brought the data to CBSE servers and reviewed and improved the OSM code so that it could run on CBSE infrastructure. When security is a concern, it is naturally better to have the system under CBSE’s control rather than depend entirely on a vendor’s servers.”
How the Red Team Blue Team Audit Worked
The cybersecurity audit employed a “red team, blue team” methodology:
| Team | Role | Institution |
|---|---|---|
| Blue Team | Code improvement and vulnerability fixing | CBSE developers, IIT Madras, and Digital India Corporation (DIC) |
| Red Team | Penetration testing and attempted breach of the system | IIT Kanpur |
IIT Kanpur’s cybersecurity team worked for more than ten days on two critical systems: the CBSE registration portal and the OSM re-evaluation portal. The registration portal had previously been taken offline after a cyberattack before being relaunched on June 2. The OSM portal underwent multiple rounds of testing before the Friday night green signal.
Ethical Hacker Nisarga’s Contribution Acknowledged
The IIT Kanpur official confirmed that ethical hacker Nisarga Adhikary, the 19-year-old cybersecurity researcher who publicly disclosed vulnerabilities in the OSM portal, was invited by CBSE to explain how the vulnerabilities were discovered. He was appreciated for the contribution. The official added: “So far, we have not found any breach of data from the systems that have been created.”
How Re-Evaluation Works Under the New System
Under the revised, CBSE-controlled system, the re-evaluation process is structured as follows:
- Examiners access the portal and receive only the specific questions flagged for re-evaluation by each student — not the entire answer book
- Access is provided through CBSE-issued tablets
- Examiners award marks according to CBSE’s original marking scheme
- The process is fully digital with complete audit trails
IIT Recommendations for Future Exams
IIT-led teams are now preparing formal recommendations for the Ministry of Education and CBSE on strengthening cybersecurity for all future examination software. The expected key recommendations are:
- All examination software must undergo comprehensive “red-teaming” exercises by independent expert groups before deployment
- Cybersecurity safeguards must be integrated at the earliest stages of software development, not as an afterthought
- Vendor data should not be the primary store for sensitive examination records
What Students Must Do Now
Students who submitted valid applications before June 7 midnight at @cbse.gov.in should now wait for their re-evaluation results. Re-evaluation results typically take 4 to 8 weeks from the date the process begins. For help: Call 1800 11 8004 or email resultcbse2026@cbseshiksha.in
