Security Protocols for Website Protection by Goa Government

Altinho,Goa- October 2, 2024: The Department of Information Technology, Electronics and Communications (DITE&C), Government of Goa aims to create a secure and trusted online environment for all citizens. As the demand for digital government services continues to grow, so does the need for robust cybersecurity measures to protect sensitive information from potential threats.

The government has established comprehensive cybersecurity guidelines that all vendors, contractors, and service delivery agencies (SDAs) are mandated to follow, ensuring the highest standards of data protection. By incorporating security protocols at every stage of application development—from design to deployment and maintenance—vendors are working to keep citizens data safe and secure across all government operations.

To enhance the security of IT assets in remote data centers and cloud environments, the use of Hardware VPN Tokens and Multi-Factor Authentication (MFA) with VPN services is highly recommended. Additionally, DITE&C is organizing a specialized workshop for all government website developers and associated stakeholders. This workshop will focus on ensuring compliance with top security standards, updating vendors on the latest cybersecurity protocols, and aligning website stakeholders with best practices for secure operations.

All website design and development agencies empanelled under the WDDA project are required to adhere to the software security standards outlined in GIGW 3.0. This includes installing SSL certificates, conducting timely security audits, ensuring compliance, and obtaining STQC certification and adherence to TLS protocols.

To address any new and existing vulnerabilities, thorough audits of all government websites are conducted, focusing on identifying and rectifying security gaps. The renewal of SSL certificates for websites is also being prioritized, reinforcing online infrastructure. In addition, vendors are now required to provide comprehensive reports detailing their information security practices, promoting transparency and accountability.

All personnel involved in government operations are required to comply with established cybersecurity policies and undergo regular training, ensuring they are well-equipped to handle the latest security challenges. By enforcing these stringent guidelines, the government aims to build a robust framework that not only protects sensitive information but also fosters public trust in digital governance.

It is essential for government entities and their designated SDA/vendors/contractors to implement strong cybersquatting measures as the ICT infrastructure of the government remains a priority for safeguarding against malicious actors. Responsibility for effective cybersquatting practices lies with ICT asset owners and their partners, ensuring comprehensive protection for computers, servers, applications, and data from digital attacks.

Cyber Safety Guidelines for website development vendors  have been meticulously developed by DITE&C, Government of Goa and the objective of these guidelines is to establish a prioritized baseline for cybersecurity measures and controls, ensuring a secure framework when government-designated SDA/vendors/contractors manage ICT projects for government departments and autonomous bodies.

The Department of Information Technology, Electronics and Communications, Govt. of Goa is committed to upholding the highest standards of cybersecurity to ensure the safety and privacy of all citizens as it continues to advance Goa’s digital landscape.