{"id":250280,"date":"2023-07-01T19:12:09","date_gmt":"2023-07-01T13:42:09","guid":{"rendered":"https:\/\/blog.forumias.com\/?p=250280"},"modified":"2023-07-01T19:12:09","modified_gmt":"2023-07-01T13:42:09","slug":"cert-in-issues-guidelines-on-information-security-practices-for-government-entities-for-safe-trusted-internet","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/cert-in-issues-guidelines-on-information-security-practices-for-government-entities-for-safe-trusted-internet\/","title":{"rendered":"CERT-In issues \u201cGuidelines on Information Security Practices\u201d for Government Entities for Safe & Trusted Internet"},"content":{"rendered":"\n

Source: <\/b>The post is based on the articl<\/span>e \u201c<\/b>CERT-In issues \u201cGuidelines on Information Security Practices\u201d for Government Entities for Safe & Trusted Internet<\/b>\u201d <\/b>published in <\/span>PIB on 1st July 2023<\/b><\/p>\n

What is the News?<\/b><\/h2>\n

Indian Computer Emergency Response Team (CERT-In) on Friday issued \u201cGuidelines on Information Security Practices\u201d for government entities for safe and trusted Internet. The guidelines have been issued under section 70B of the Information Technology Act, 2000.\u00a0<\/span><\/p>\n

What is the purpose of Guidelines on Information Security Practices for Government Entities?<\/b><\/h2>\n

The guidelines are a roadmap for government entities and industries to reduce cyber risk, protect citizen data and continue to improve the cybersecurity ecosystem in the country.\u00a0<\/span><\/p>\n

The guidelines will apply to all Ministries, Departments, Secretariats, and Offices specified in the First Schedule to the Government of India (allocation of business) Rules, 1961, along with their attached and subordinate offices.<\/span><\/p>\n

What are the key guidelines issued by CERT-In?<\/b><\/h2>\n

\"\"<\/p>\n

Source: Business Standard<\/p>\n

Firstly, <\/b>Government organizations should mandatorily report cyber incidents to CERT-In within six hours of noticing them, as private entities do. They must do so even if third parties flag such incidents. The information shall be shared with stakeholders like sectoral CERTs and regulators.<\/span><\/p>\n

Secondly<\/b>, Government offices need to conduct an internal and external audit of their entire cyber infrastructure and deploy appropriate security controls based on the audit.\u00a0<\/span><\/p>\n

\u2013 Internal information security audits shall be conducted at least once in six months, while third-party security audits need to be conducted annually.<\/span><\/p>\n

Thirdly, <\/b>Government organizations need to appoint a Chief Information Security Officer (CISO) who would be accompanied by a dedicated cybersecurity team, separate from the IT operations team.<\/span><\/p>\n

Fourthly,<\/b> Government employees can now use only standard user (non-administrator) accounts for accessing the computers for regular work. Admin access will be given to users only with the approval of the chief information security officer (CISO).<\/span><\/p>\n

Fifthly,<\/b> Government bodies shall maintain an inventory of authorized hardware and software for their organization, along with a mechanism for automated scanning to detect any unauthorized device or software.<\/span><\/p>\n

Lastly,<\/b> the guidelines recommend the use of complex passwords with a minimum length of 8 characters; Never store any usernames and passwords on the Internet browser; and do not store any payment-related information on the Internet browser.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Source: The post is based on the article \u201cCERT-In issues \u201cGuidelines on Information Security Practices\u201d for Government Entities for Safe & Trusted Internet\u201d published in PIB on 1st July 2023 What is the News? Indian Computer Emergency Response Team (CERT-In) on Friday issued \u201cGuidelines on Information Security Practices\u201d for government entities for safe and trusted… Continue reading CERT-In issues \u201cGuidelines on Information Security Practices\u201d for Government Entities for Safe & Trusted Internet<\/span><\/a><\/p>\n","protected":false},"author":10317,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1566,1731,1738,9],"tags":[3590],"class_list":["post-250280","post","type-post","status-publish","format-standard","hentry","category-daily-factly-articles","category-bill-and-acts","category-science-and-technology-daily-factly-articles","category-public","tag-pib","entry"],"jetpack_featured_media_url":"","views":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/250280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10317"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=250280"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/250280\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=250280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=250280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=250280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}