CERT-In issues “Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet

Newdelhi:30/6/2 3:India’s digital landscape has witnessed tremendous growth, with over 80 crore Indians (Digital Nagriks) actively utilizing the Internet and cyberspace, making it one of the largest connected nations in the world. Citizens are increasingly relying on the Internet to cater to their daily requirements, including aspects such as business, education, finance, and availing digital government services.

Recognising the significance of a secure and trustworthy digital environment, the Government of India has formulated policies aimed at ensuring safe & trusted and secure cyber space for its users. It remains fully aware of the growing cyber threats and attacks present in today’s digital world.

To further address the goal of safe cyberspace, today the Indian Computer Emergency Response Team (CERT-In) has released guidelines on information security practices. These guidelines, issued under the powers conferred by clause (e) of sub-section (4) of section 70B of the Information Technology Act, 2000 (21 of 2000), apply to all Ministries, Departments, Secretariats, and Offices specified in the First Schedule to the Government of India (Allocation of Business) Rules, 1961, along with their attached and subordinate offices.

They also include all government institutions, public sector enterprises, and other government agencies under their administrative purview.

Shri Rajeev Chandrasekhar, Minister of State for Electronics & Information Technology & Skill Development and Entrepreneurship said, “The Government has taken several initiatives to ensure safe & trusted and secure cyber space. We are expanding and accelerating on Cyber Security – with focus on capabilities, system, human resources and awareness.”

These guidelines are a roadmap for the Government entities and industry to reduce cyber risk, protect citizen data and continue to improve the cyber security ecosystem in the country. They will serve as a fundamental document for audit teams, including internal, external, and third-party auditors, to assess an organisation’s security posture against the specified cybersecurity requirements.

“The guidelines are an important part of our larger cybersecurity framework being built under the leadership of our PM Narendra Modi ji as India takes rapid strides towards $1 Trillion Digital Economy,” the minister added.

The guidelines include various security domains such as network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security auditing.

Apart from adhering to the best practices in the field they also include guidelines prepared by the National Informatics Centre for Chief Information Security Officers (CISOs) and employees of Central Government Ministries/Departments to enhance cyber security and cyber hygiene.

These “Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet are available at https://www.cert-in.org.in/guidelinesgovtentities.jsp