No MF-CGA/ITD-SPC/Cert-I n/2013-14/ c:311 " (1 -C(X
Government of India
Ministry of Finance, Department of Expenditure
Controller General of Accounts
Information Technology Division
Dated, 26th February 2014
To report on vulnerabilities and promote effective IT security practices throughout
the country, the Security guidelines are issued from time to time by the Indian Computer
Emergency Response Team - CERT-In which is a government-mandated information
technology (IT) security organization tracking defacement of Indian websites on regular
Director General, CERT-In vide his do. letter No. 2(6)/2013-CERT-In dated 30th
January 2014 has informed that a total of 1933 and 1238 Indian websites were defaced
by various hackers during the month of November and December 2013 respectively. A
total of 12 & 14 websites belonging to Government Departments were defaced during
these months.
CERT-In has issued following security guidelines which may be referred from the
knowledge base section available on CERT-In website :
Web Server Security Guidelines
Securing IIS/ 7.0 Web Server Guidelines
Guidelines for Auditing and Logging
In view of the growing attacks on Indian Websites, all Pr. CCAs/CCAs/CAs
having independent charge are requested to issue necessary directions to the Pr.
Accounts Office/Pay & Accounts Offices under their control to download the security
guidelines from the website of CERT In and to follow them so as to ensure the required
safeguards for websites.
(Madan Mohan)
Jt. Controller General of Accounts
1. All Pr. CCAs/CCAs/CAs (with Independent charge).
2. Jt. CGA (CPSMS), 0/o CGA.
3. Jt. CGA (Administration), 0/o CGA