New Delhi: Stepping up its cyber defence architecture amid rising digital threats, Delhi govt has issued a comprehensive set of cybersecurity guidelines, making a range of security audits and assessments mandatory across all departments.The directive requires departments to undertake regular risk assessments, vulnerability assessments and penetration testing to identify and plug potential weaknesses in their systems.Officials said the move is aimed at ensuring early detection of threats and strengthening the overall resilience of govt networks handling sensitive data.The guidelines lay strong emphasis on maintaining a complete inventory of authorised hardware and software assets, along with a robust patch management system to fix vulnerabilities in a timely manner. Departments have also been directed to ensure secure configuration of systems by disabling unused ports, changing default credentials and implementing appropriate access controls.To minimise internal and external risks, govt has mandated the principle of least privilege, under which users and applications will only be given minimum access required to perform their functions, said a senior official. Remote access to official systems has been tightened, with multi-factor authentication now compulsory and all access required to be encrypted and logged.In addition to basic safeguards, the policy introduces advanced security measures, such as red team assessments, which simulate real-world cyberattacks to test system preparedness. It also calls for specialised audits, including cloud security testing and artificial intelligence system audits to address emerging threat vectors.Departments will also be required to conduct network infrastructure audits, operational audits and source code reviews to ensure compliance with security best practices. Vendor risk management audits have been included to assess cybersecurity practices of third-party service providers and mitigate supply chain risks. The guidelines further stress the importance of log management and digital forensic readiness to aid in timely detection, investigation and response to cyber incidents.Officials said the framework aligns with national cybersecurity priorities and is designed to create a proactive security culture within govt departments. Another official said that with increasing reliance on digital platforms for governance and service delivery, Delhi govt wants to reduce vulnerabilities and enhance protection of critical infrastructure and citizen data.
