Guidelines on Information Security Practices: CERT-In

Context: Recently, the Indian Computer Emergency Response Team (CERT-In) issued “Guidelines on Information Security Practices” for government entities for a safe and trusted Internet. About: Guidelines on Information Security Practices: CERT-In
  • Aim: To ensure an open, safe and trusted and accountable Internet for its users.
  • Need: India’s digital landscape has witnessed tremendous growth, with over 80 crore Indians (Digital Nagriks) actively utilizing the Internet and cyberspace.
  • Applicability: 
    • All Ministries, Departments, Secretariats, and Offices specified in the First Schedule to the Government of India (allocation of business) Rules, 1961, along with their attached and subordinate offices.
    • Public sector enterprises
  • Appointment of Chief Information Security Officer: Government organizations should appoint a Chief Information Security Officer (CISO) along with a dedicated cybersecurity team, independent of the IT operations team.
  • Password Management and Browser Security Guidelines: The guidelines recommend the use of complex passwords with a minimum length of 8 characters.
  • Comprehensive Security Domains Covered: The guidelines include various security domains such as network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security auditing.
  • Data Encryption and Protection: Organizations should identify and encrypt sensitive data during transmission and storage.
  • Threat Analysis and Mitigation: Organizations must analyze potential threats and adopt strategies to counter them.
  • Vulnerability Assessment: Conducting vulnerability assessments helps identify weaknesses in devices, systems, and potential threats related to specific ports and services.
  • Mandatory Cybersecurity Incident Reporting: All government and private agencies, including internet service providers, social media platforms, and data centers, must report cybersecurity breaches to the appropriate authority within six hours of detection.
  • Roadmap for Government and Industry: These guidelines are a roadmap for government entities and industry to reduce cyber risk, protect citizen data, and continue to improve the cyber security ecosystem in the country.
  • Facilitating Audits for Security Assessment: They will serve as a fundamental document for audit teams, including internal, external, and third-party auditors, to assess an organization’s security posture against the specified cybersecurity requirements.
Additional Information: About CERT-In
  • CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.
  • Mandate:
    • Collection, analysis and dissemination of information on cyber incidents.
    • Forecast and alerts of cyber security incidents
    • Emergency measures for handling cyber security incidents
    • Coordination of cyber incident response activities.
 News Source: Times of India
Share this with friends ->