Delhi Govt Cyber Security Advisory 2026: Mandatory IT Rules
The Information Technology Department of the Government of NCT of Delhi issued a highly urgent cybersecurity advisory in February 2026, directing all administrative departments, local bodies, and commissions to secure their digital infrastructure against rising cyber threats.
Authority: Information Technology Department, GNCTD
Reference: File No. E/2/2025-Development-INFORMATION TECHNOLOGY DEPARTMENT-Part(1)/1345-12
The directive addresses critical vulnerabilities in daily administrative operations. In practice, department heads frequently face severe audit objections if official files or sensitive departmental data are transmitted through unauthorized private email servers or third-party messaging applications.
Who is responsible for implementing these IT protocols?
All Additional Chief Secretaries, Principal Secretaries, Heads of Departments (HoDs), and administrators of Local Bodies under the Delhi Government are directly responsible for enforcing these compliance measures within their respective jurisdictions.
How To Secure Office IT Infrastructure In 2026
- Nominate an Assistant Chief Information Security Officer (ACISO) as the dedicated Single Point of Contact (SPoC) for the department on priority.
- Obtain and maintain valid security audit certificates for all active government websites and web applications.
- Transition all official digital communication exclusively to the designated NIC email platform.
- Enable Multi-Factor Authentication (MFA) and enforce strong password policies for accessing any sensitive data.
- Install updated antivirus software, regularly schedule data backups, and strictly avoid using any pirated applications on office machines.
- Ensure machines are properly shut down before leaving the office premises.
What is the protocol for reporting a cyber incident?
If a security breach or suspicious activity occurs, officials must report the incident immediately. Delays in reporting compromise the government’s ability to contain the threat and secure sensitive citizen data.
| Reporting Channel | Contact Details | Primary Usage |
|---|---|---|
| National Cyber Helpline | 1930 | Immediate telephonic reporting |
| CERT-In Response Team | incident@cert-in.org.in | Official incident documentation |
| NIC Security Team | incident@nic-cert.nic.in | Network and infrastructure breaches |
Official Communication and Software Compliance Mandates
The advisory explicitly restricts the digital tools and communication channels government employees are permitted to use for official administrative work to prevent unauthorized data exfiltration.
Use of NIC email for all official work
Implementation of Multi-Factor Authentication (MFA)
Valid website security audit certificates
Regular IT inventory and data backups
Using third-party communication channels
Opening anonymous links or attachments
Installing pirated software on office PCs
Sharing passwords with colleagues or staff
Are officers allowed to use third-party apps for official files?
No. The IT Department explicitly directs all staff to avoid third-party communication channels for official purposes. Government business must remain confined to the secure, monitored environment provided by the National Informatics Centre (NIC).
Frequently Asked Questions
Who must be nominated as the IT security contact in a Delhi Govt department?
Every department must nominate an Assistant Chief Information Security Officer (ACISO) to act as the Single Point of Contact (SPoC) for cybersecurity matters.
Can Delhi Government employees use private email for official work?
No. The advisory mandates the use of only NIC email for official communication and strictly advises against using third-party communication channels for official purposes.
Where should a government cyber incident be reported?
Incidents must be reported immediately by dialing 1930, or by emailing the official details to incident@cert-in.org.in or incident@nic-cert.nic.in.
What is the rule regarding government websites and applications?
All websites and applications running in GNCTD departments must possess a valid, up-to-date security audit certificate to remain operational.
हिंदी सारांश
दिल्ली सरकार के सूचना प्रौद्योगिकी विभाग ने 12 फरवरी 2026 को साइबर सुरक्षा पर एक सख्त एडवाइजरी जारी की है। इसके तहत सभी विभागों को अनिवार्य रूप से एक सहायक मुख्य सूचना सुरक्षा अधिकारी (ACISO) नियुक्त करना होगा। सरकारी कामकाज के लिए केवल एनआईसी (NIC) ईमेल का उपयोग अनिवार्य कर दिया गया है तथा किसी भी थर्ड-पार्टी ऐप के इस्तेमाल पर रोक लगा दी गई है। इसके अलावा सभी सरकारी वेबसाइट्स के लिए वैध सिक्योरिटी ऑडिट सर्टिफिकेट होना आवश्यक है।
Share This in Office WhatsApp Group
