Government Mandates Security Audit for Official Websites..

The government has directed various administrative bodies and officials to conduct security audits of their departmental websites and applications within one month.

Despite previous instructions, many websites remain unaudited, posing a heightened risk of cyber attacks.

In a circular, the government said that the information Technology Department has time-and-again issued instructions to all the Administrative Departments/Heads of Departments/Deputy Commissioners/Managing Directors of various PSUS/Boards/Corporations etc. to ensure security audit of their websites/applications periodically, at least once a year, in compliance with security policy, guidelines, and procedures, laid down by the CERT-In and Ministry of Electronics & Information Technology, Government of India.

Notwithstanding the instructions, the government noted that a “large number” of websites hosted on State Data Centre by different departments are still un-audited resulting in increased risk of cyber attacks as also reported by the CERT-In.

“Keeping in view the criticality of the matter, it is enjoined upon all Administrative Departments/Heads of Departments/Deputy Commissioners/Managing Directors of various PSUs/Boards/Corporations to ensure security audit of their departmental websites/applications through CERT-In empanelled agencies within a period of one month, to protect the Government entities against cyber threats. In case of failure, the government said that the application from State Data Centre shall be discontinued/shutdown, for which the concerned “Head of the Department shall bear the responsibility.”

Leave a Reply