The Delhi government has issued a set of guidelines for all departments to ensure cybersecurity of their Information Technology (IT) infrastructure. The advisory comes after recently, the government had flagged redundant information on department websites and directed them to submit monthly compliance certificates confirming regular updates of their portals. In the advisory issued, the IT department said all departments must ensure adoption of proactive steps to safeguard IT infrastructure from any cyber incident.
“As the safety of IT infrastructure is most important and any breach may lead to bad name to the Delhi government, all departments of GNCTD must ensure to adopt following proactive steps to safeguard IT infrastructure from any cyber incident,” read the advisory.
The advisory further directed departments to nominate an Assistant Chief Information Security Officer (ACISO) as a single point of contact. It also mandated that all websites and applications running in departments must possess a valid security audit certificate.
To ensure uniformity, an online mechanism has been made mandatory for submitting the certificates. Designated nodal officers have been directed to log in to the prescribed portal and upload a digitally signed certificate by the concerned head of department. The basic details will be auto-populated, officials said, to reduce errors and delays.
Notably, the mechanism to upload the compliance certificates was operational earlier, due to laxity in filling out forms, it has now been made mandatory. In a circular issued by the IT department last week, the government noted that several departments had failed to submit compliance certificates within stipulated timelines. All departments will now have to submit the compliance information by the 15th of every month.
Officials have been asked not to open or download any anonymous links, websites or attachments on office machines and to use only NIC email for official communication, avoiding third-party communication channels for official purposes. The use of pirated software in office machines has been strictly prohibited and departments have been instructed to use antivirus software.
Any cyber incident must be reported immediately on 1930 helpline number, incident@cert-in.org.in, or incident@nic-cert.nic.in, the advisory read. The guidelines further stress proper shutdown of machines while leaving office, enforcement of strong passwords and multifactor authentication (MFA) for accessing sensitive data and information, and not sharing passwords with anyone.
Departments have also been directed to manage inventory of IT infrastructure installed, schedule and take backup of data as per policy, and keep all devices, operating systems, and software updated.
