To report on vulnerabilities and promote effective IT security practices throughout
the country, the Security guidelines are issued from time to time by the Indian Computer
Emergency Response Team - CERT-In which is a government-mandated information
technology (IT) security organization tracking defacement of Indian websites on regular
basis.
Director General, CERT-In vide his do. letter No. 2(6)/2013-CERT-In dated 30th
January 2014 has informed that a total of 1933 and 1238 Indian websites were defaced
by various hackers during the month of November and December 2013 respectively. A
total of 12 & 14 websites belonging to Government Departments were defaced during
these months.
CERT-In has issued following security guidelines which may be referred from the
knowledge base section available on CERT-In website www.cert-in.org.in :
•
Web Server Security Guidelines
•
Securing IIS/ 7.0 Web Server Guidelines
•
Guidelines for Auditing and Logging
In view of the growing attacks on Indian Websites, all Pr. CCAs/CCAs/CAs
having independent charge are requested to issue necessary directions to the Pr.
Accounts Office/Pay & Accounts Offices under their control to download the security
guidelines from the website of CERT In and to follow them so as to ensure the required
safeguards for websites.