J&K administrative deptts asked to shut down websites using private domains

Jammu, May 21: Keeping in view persisting cybersecurity threats, J&K Government has directed all its administrative departments to deactivate all official websites using private domains, not aligned with Government of India guidelines vis-à-vis official domain usage.

It has also made it mandatory for them to use only government email IDs for official communication for data confidentiality.

Besides, all the departments have been instructed to conduct a comprehensive IT infrastructure audit by their respective Chief Information Security Officers (CISOs) and Information Security Officers (ISOs).

They (departments) have been asked to submit a detailed compliance report to the Information Technology Department within 15 days.

These guidelines formed part of a detailed set of circular instructions issued by the General Administration Department (GAD) on Wednesday.

According to officials, these guidelines have become necessitated after noticing that various departments are operating official websites using private domains such as “.com”; “.org”, or “.net”, which are not aligned with Government of India guidelines on official domain usage.

“All such privately hosted or unauthorized departmental websites will be deactivated forthwith,” it was instructed during a meeting recently convened under the chairmanship of the Chief Secretary, Atal Dulloo.

During the meeting, the need for enforcing a secure, standardized, and policy-compliant digital and IT environment across government establishments was extensively deliberated.

“In view of the growing risks associated with unauthorized digital platforms, outdated hardware or software infrastructure, and increasing incidents of data compromise and phishing, a comprehensive set of instructions is being issued for immediate implementation and strict compliance of all Administrative Departments; Heads of Departments (HoDs) and Subordinate Offices,” the officials said.

As per instructions, NIC, J&K Centre will assist departments in migrating all existing websites to secure and authenticated government domains, preferably under “.gov.in” or “.jk.gov.in”.

“No future departmental websites shall be developed or hosted on non-government domains. All proposals for new websites must be routed through NIC and approved by the IT Department. To maintain data confidentiality and prevent leakage of sensitive information, no official communication will be made or responded to, if transmitted from non-government email accounts such as Gmail, Yahoo, Rediffmail, etc,” it has been strictly directed.

All officers and officials have been asked to mandatorily use NIC-provided email Ids (...@jk.gov.in /..@gov.in) for all forms of official correspondence. HoDs have been directed to ensure immediate issuance and activation of official NIC email IDs for all staff involved in administrative or public-facing roles.

“Any emails received from non-NIC domains shall be treated as unofficial and may not be acted upon. All Chief Information Security Officers (CISOs) and Information Security Officers (ISOs) designated in each department will conduct a detailed census and audit of IT infrastructure,” the guidelines specify.

The detailed census and audit of IT infrastructure will pertain to number and specifications of desktop or laptop systems; status of operating systems (licensed or unlicensed, updated or outdated); inventory of installed software (genuine vs pirated); antivirus or firewall status and last update logs; network architecture, access points, and security configuration.

It has been asked to ensure that that in all machines run genuine, licensed, and currently supported operating systems (e.g., Windows 11, Linux variants, etc.,), no pirated, obsolete, or end-of-life software is used; devices are protected with active antivirus or firewall systems and administrative access to systems is restricted and monitored.

In this connection, a standard IT asset inventory format will be circulated separately by the IT Department to facilitate uniform reporting.

For sensitization and capacity building of CISOs and IT staff, NIC will organise mandatory sensitization sessions for departmental CISOs and ISOs, focusing on basic and advanced cyber hygiene practices; safe configuration of email systems and digital infrastructure and threat detection, incident reporting, and response mechanisms.

All departments have also been instructed to ensure nomination of officers concerned for such sessions on priority.

They have been asked to ensure that procurement of IT hardware (laptops, desktops, printers, routers, etc.) conform to the minimum technical specifications notified by the Information Technology Department.

“Departments must discontinue usage of pirated or obsolete software, including unlicensed office suites, design tools, or database applications. Software currently in use will be regularly updated, and upgrades shall be planned for systems approaching end-of-support dates,” guidelines state.

Every department has been ordered to submit a detailed compliance report to the Information Technology Department through their respective Administrative Departments within 15 days of issuance of this circular.

The report will specifically indicate domain name status of departmental websites; compliance with government email usage; audit findings from IT infrastructure census; list of pirated or outdated software, if any, and proposed rectification plan.

It has been cautioned that failure to adhere to these instructions will be viewed seriously and may invite disciplinary action under relevant rules governing official conduct, IT usage, and administrative responsibility.

“The directions, issued with the approval of the Chief Secretary, J&K, will come into immediate effect. All departments are advised to accord top priority to the implementation of these guidelines in the interest of secure and accountable e-governance,” GAD Commissioner Secretary has instructed.