Jammu: J&K government has asked all its departments and offices, intending to host respective websites or Applications in State Data Centre (SDC) Jammu, to “get security audit” of the same (website or Apps) “done from CERT-In, Government of India (Gol) based certified empanelled agency.”
They have also been asked to submit a ‘Safe to Host’ certificate to the SDC team.”
In this connection, J&K e-Governance Agency (J&KeGA) Information Technology Department Chief Executive Officer Amit Sharma has cautioned that the security audit of the websites or Applications already hosted at SDC may be completed within two months after which the hosting services will be stopped at the State Data Centre.
As per IT Act 2008, it is mandatory to have a security audit of all the applications and web services to be eligible for hosting in the State Data Centre (SDC).
Similarly, the ‘Safe to Host’ certificate of the applications or websites is mandatory in order to avail the continuous hosting services at State Data Centre (SDC).
CERT-In (the Indian Computer Emergency Response Team), a government mandated Information Technology (IT) security organisation, responds to “computer security incidents, report on vulnerabilities and promote effective IT security practices.”
“A website security audit is a process that assesses a website or Application for vulnerabilities and loopholes. A website security audit scans the website and its server for the existing or potential weaknesses that hackers can exploit. The purpose of website security audit is to proactively look for discrepancies in website’s architecture and eliminate them before hackers, with malicious intent, can notice it,” said CEO Sharma.
“Since there are constant changes being done in the solutions deployed at SDC, it is strongly recommended that post successful hosting of a website in SDC, a periodic security audit, as per the required frequency, should be executed for the same,” he added.
“The security audit of the websites or applications already hosted at SDC, may be completed within two months time after the issuance of this circular, failing which, the hosting services will be stopped at the State Data Centre. The empanelled list of the certifying agencies can be obtained from the official website of Indian Computer Emergency Response Team, CERT-In, MeitY (www.cert-in.org.in),” Amit Sharma said in a circular.