Jammu: The J&K government has asked all its departments and their nodal agencies to get the security audit of their websites or applications hosted at the State Data Centre (SDC) conducted from Indian Computer Emergency Response Team (CERT-In) empanelled agencies besides submitting same to this agency within one month.
J&K e-Governance Agency Chief Executive Officer, through a circular, has cautioned that the “security audit of the websites or applications should be completed within one month from date of issuance of this circular failing which the services will be shut from State Data Centre (SDC).
Warning has been issued after taking a serious view of non-compliance of guidelines issued in this connection by the majority of the departments.
“J&K e-Governance Agency, Information Technology Department vide its circular No 02-JakeGA of 2022 dated March 28, requested all the departments and their nodal agencies to get the security audit of their websites or applications hosted at SDC conducted from CERT-In, empanelled agencies besides submitting same to this agency. However, it is regretfully intimated that only few departments have got the mandatory exercise completed,” J&K e-Governance Agency CEO Anuradha Gupta mentioned.
“To protect information in cyberspace, reduce vulnerabilities and minimize damage from cyber incidents and most importantly, to protect government data hosted in SDC, it is imperative that websites and applications are audited and updated with latest security certificates on periodic basis as per the guidelines issued by the CERT-In,” she pointed out.
Moreover, as per IT Act, it is mandatory to have security audit of all the application and web services done in order to be eligible for hosting in State Data Centre (SDC).
“It is further informed that no further websites or applications shall be hosted at the State Data Centre without the “Safe to Host” certificate. The “Safe to Host” certificate of the applications or websites will be mandatory in order to avail the continuous hosting services of State Data Centre,” she cautioned.
Besides, the departments have been asked to follow an advisory. The advisory mentioned that the website should be audited by the CERT-In empanelled agencies and it should be cleared for the security audit to be finally hosted on J&K Data Centre servers.
“The required changes suggested in the audit report have to be carried out by the developing agency to remove all the identified vulnerabilities. The Security Audit should be done as and when any changes are made in the source code. It shall be ensured that all websites or applications, their respective CMS (Content Management System), 3rd party plug-ins, codes etc., are updated to the latest versions,” it added.