To protect official websites and digital records from cyberattacks, the Jammu and Kashmir Government on Wednesday directed all departments to adopt standard cybersecurity practices, discontinue unauthorized digital platforms, and ensure strict compliance with IT governance protocols.
According to a circular issued by the General Administration Department, the directive follows extensive deliberations chaired by the Chief Secretary of Jammu and Kashmir.
"In view of the growing risks associated with unauthorized digital platforms, outdated hardware/software infrastructure, and increasing incidents of data compromise and phishing, a comprehensive set of instructions is hereby issued for immediate implementation and strict compliance," the order reads.
Discontinuation of Private/Unauthorized Government Websites
The government has ordered the immediate deactivation of all private departmental websites operating on domains such as ".com," ".org," or ".net." All government websites must now be hosted exclusively on official domains such as ".gov.in" or ".jk.gov.in." Future proposals for new websites must be routed through the National Informatics Centre (NIC) and approved by the IT Department.
Accordingly, all such privately hosted or unauthorized departmental websites shall be deactivated forthwith. NIC, J&K Centre, shall assist departments in migrating all existing websites to secure and authenticated government domains, preferably under ".jk.gov.in."
"No future departmental websites shall be developed or hosted on non-government domains. All proposals for new websites must be routed through NIC and approved by the IT Department," the order clearly states.
The order further mandates the exclusive use of official NIC email IDs for all government communication. Emails sent from non-official domains such as Gmail, Yahoo, or Rediffmail will be treated as unofficial and may not be acted upon.
Comprehensive IT Infrastructure Audit by CISOs/ISOs
The order also instructs all Chief Information Security Officers (CISOs) and Information Security Officers (ISOs) designated in each department to conduct a detailed census and audit of their IT infrastructure. This audit shall include:
- Number and specifications of desktop/laptop systems
- Status of operating systems (licensed/unlicensed, updated/outdated)
- Inventory of installed software (genuine vs pirated)
- Antivirus/firewall status and last update logs
- Network architecture, access points, and security configuration.
Departments must ensure the following:
- All machines run genuine, licensed, and currently supported operating systems (e.g., Windows 11, Linux variants)
- No pirated, obsolete, or end-of-life software is used
- Devices are protected with active antivirus/firewall systems
- Administrative access to systems is restricted and monitored
- A standardized IT asset inventory format shall be circulated separately by the IT Department to facilitate uniform reporting.
Sensitization and Capacity Building of CISOs and IT Staff
NIC shall organize mandatory sensitization sessions for departmental CISOs and ISOs, focusing on:
- Basic and advanced cyber hygiene practices
- Safe configuration of email systems and digital infrastructure
- Threat detection, incident reporting, and response mechanisms
- Guidelines under the Information Technology Act and CERT-In advisories
- All departments must ensure the nomination of concerned officers for these sessions on priority.
Procurement and Standardization of IT Hardware and Software
All departments shall ensure that procurement of IT hardware (laptops, desktops, printers, routers, etc.) conforms to the minimum technical specifications notified by the Information Technology Department.
Departments must discontinue the use of pirated or obsolete software, including unlicensed office suites, design tools, or database applications. Software currently in use shall be regularly updated, and upgrades must be planned for systems approaching their end-of-support dates.
Monitoring, Reporting, and Enforcement
Each department shall submit a detailed compliance report to the Information Technology Department through their respective Administrative Departments within 15 days of the issuance of this circular.
The report shall specifically include:
- Domain name status of departmental websites
- Compliance with government email usage
- Audit findings from the IT infrastructure census
- A list of pirated/outdated software (if any) and the proposed rectification plan
The order warns that failure to adhere to these instructions shall be viewed seriously and may invite disciplinary action under relevant rules governing official conduct, IT usage, and administrative responsibility.
These directions are issued with the approval of the Chief Secretary, J&K, and shall come into immediate effect. All departments are advised to accord top priority to the implementation of these guidelines in the interest of secure and accountable e-governance.
