The Delhi government has issued a comprehensive set of cybersecurity guidelines on April 7, 2026, to protect its digital infrastructure and resident data. These rules make regular security audits and vulnerability assessments mandatory for all government departments, local bodies, and commissions. This move comes as a response to the rising number of cyber incidents in the country, ensuring that sensitive information like family details, income, and addresses remains secure from potential threats.

What are the mandatory security protocols for government departments?

The new policy focuses on several technical and administrative layers to prevent unauthorized access to government networks. Departments are now required to follow strict digital hygiene practices to maintain the integrity of their systems. The core requirements include:

  • Multi-Factor Authentication (MFA): This is now compulsory for all remote access to official systems to add an extra layer of security.
  • Inventory and Patching: Departments must maintain a full inventory of hardware and software and use a robust patch management system to fix vulnerabilities quickly.
  • Principle of Least Privilege: Users and applications will only be granted the minimum access necessary to perform their specific functions.
  • Software Restrictions: The use of pirated software is strictly prohibited, and antivirus systems must be updated regularly.
  • Physical Security: Employees are required to shut down their systems before leaving the office and maintain detailed IT infrastructure records.

How will compliance and monitoring be managed?

To ensure that these guidelines are implemented effectively, the Information Technology department has established a strict monitoring framework. Each department is required to nominate a specific officer to handle these matters. The following table summarizes the operational requirements for all Delhi government entities:

Feature Mandatory Requirement
Single Point of Contact Nomination of an Assistant Chief Information Security Officer (ACISO).
Official Email Use of National Informatics Centre (NIC) email IDs only for all communication.
Incident Reporting Immediate reporting of cyber incidents to the 1930 helpline or CERT-In.
Compliance Filing Submission of monthly compliance certificates by the 15th of every month.
Advanced Testing Conducting red team assessments and specialized cloud security audits.
Website Security All active websites must possess and maintain valid security audit certificates.

Gautam Sahu is a journalist and reporter at DelhiBreakings.com, covering Delhi NCR affairs and topics of wide public interest. He focuses on civic issues, public updates, and developments that directly affect everyday citizens.

He previously worked with Jagran Media (in-house) for four years and is a graduate of the Indian Institute of Mass Communication (IIMC), New Delhi (2016 batch). His reporting experience combines newsroom discipline with a strong understanding of ground-level public issues.

His areas of coverage include:

Delhi NCR local news and civic matters

Public announcements and policy updates

Finance-related developments affecting consumers

Automobile updates and mobility-related news

You can connect with him here:
LinkedIn: https://www.linkedin.com/in/gautam-sahu-57a0853a8/
X (Twitter): https://x.com/GautamSahuDelhi