New Delhi: Strong passwords, multi-factor authentication for access to sensitive data, mandatory security audits of websites and applications, deployment of assistant chief information security officers and a bar on third-party emails are among the key measures that Delhi govt has adopted to protect public and official data stored across departments.The information technology department has issued the cyber security guidelines to all departments, local bodies, boards and commissions, directing them to tighten cybersecurity protocols and safeguard official IT infrastructure against rising cyber threats.
The move comes as govt plans to expand its digital infrastructure and build databases for various welfare schemes. The guideline underlines that any breach of govt systems could damage administrative credibility and compromise sensitive information, besides affecting governance delivery.Delhi govt holds extensive personal and household data of residents, including names, addresses, family details, income, education, profession, caste and age, collected through multiple departments. It is also in the process of creating a unified data hub, a centralised platform to integrate records from departments such as food and civil supplies, revenue, water (Delhi Jal Board), power, trade and taxes, and municipal bodies to generate “golden records” of beneficiaries, eliminate duplication and streamline welfare delivery.“Strong data protection mechanisms are essential to safeguard public privacy, prevent misuse and ensure trust in digital governance,” said an official. The departments have been asked to nominate an assistant chief information security officer as a single point of contact on priority to coordinate cybersecurity-related matters. The guideline cautions officials against opening anonymous links, suspicious websites or email attachments on office systems. Only NIC email IDs can be used for official communication, with third-party platforms barred for official work.Departments have been prohibited from using pirated software, and directed to install and regularly update antivirus systems. All devices, operating systems, software and SSL certificates must be kept updated to plug vulnerabilities.To strengthen access controls, departments will use strong passwords and enable multi-factor authentication for sensitive systems. Sharing of passwords has been prohibited. Employees will have to shut down systems before leaving office, maintain a detailed inventory of IT infrastructure and schedule regular data backups as per the prescribed policy.In the event of any cyber incident, departments must immediately report the matter to the national cybercrime helpline 1930 or via email to incident@cert-in.org.in and incident@nic-cert.nic.in.The advisory was circulated to all additional chief secretaries, principal secretaries, secretaries, heads of departments, local bodies, boards and commissions under Delhi govt.
