
Directives on Cyber Security for Network and Information Systems for all Public Institutions

This Directive aims to provide important instructions and guidelines for securing GoR entities' ICT infrastructure and information.

Purpose of the Directive

This Directive aims at providing important instructions and guidelines for securing GoR entities ...

Minimizing the Exposure of Systems to External Networks

Install and configure a gateway firewall. Configure inbound and outbound ACL (Access Control List...

Intrusion Prevention System (IPS)

Implement IPS at gateway for all incoming and outgoing traffic to detect and prevent any intrus...

Email Protection

You must ensure that all mail is scanned before entering the network/email server and A...

Gateway Level Antivirus Protection

You must have gateway level antivirus protection to detect and disinfect the network traffic to e...

Wireless Protection

Wi-Fi must be secured by setting wireless hotspots using proper authentications and strong pass...

Web Browsing Protection

You must implement a web proxy to protect end users from web threats and control their time onl...

Securing On-premises Hosted Services

You must harden web servers and apps, ensuring minimum secure applications are hosted. Every web ...

Visibility and Monitoring

Design and implement the network to have clear visibility of the traffic going between: Compute...

Patch Management

All systems and applications MUST have the latest patch installed. Test the patch before applying...

Security Assessment

You must carry out regular vulnerability scanning to ensure all the known vulnerabilities such ...

End User/ End Point Protection

Install End-Point Protection to secure all the end points such as Host based IDS / IPS for serv...

Implement Passwords Policy

Strictly use strong passwords: minimum 10 characters; combination of alphanumerical and spe...

Availability of Systems and Services

Ensure critical services are available whenever required by: having redundant system compon...

Backups

All GoR entities should have backups: daily, weekly, monthly and yearly. One copy o...

Incident Management

Have a clearly defined incident management procedure (refer to the Incident management procedur...

Security Awareness

Conduct regular security awareness programs for the end-users and system administrators to secure...