In a major crackdown on cybersecurity lapses and digital protocol violations, the Union Territory Government of Jammu and Kashmir has deactivated all unauthorized and privately hosted departmental websites with immediate effect.
The decision comes in light of growing cyber risks, including unauthorized platforms, phishing attacks, and data compromise incidents, raising concerns about the integrity of government digital infrastructure.
All Non-Government Websites Shut Down
In a circular issued by the General Administration Department, the Government stated that many departments were operating official websites on private domains like “.com”, “.org” and “.net”, which violate Government of India guidelines that mandate use of secure domains like “.gov.in” or “.jk.gov.in”.
Following a review chaired by the Chief Secretary, these websites have been taken offline. The NIC (National Informatics Centre), J&K Centre has been tasked with assisting departments in migrating to approved Government domains.
“No future websites shall be developed or hosted on non-Government domains,” the order clarified, adding that all proposals for new websites must go through the NIC and receive approval from the Information Technology Department.
No Official Communication via Gmail, Yahoo, or Rediffmail
The circular strictly prohibits the use of non-Government email services such as Gmail, Yahoo, Rediffmail, etc., for official communication. Departments have been instructed that:
- All staff must use NIC-issued email IDs ending in
@jk.gov.inor@gov.in. - Any email from non-NIC domains will be considered unofficial and may be ignored.
- Heads of Departments must immediately issue official email IDs to all administrative and public-facing employees.
Action Triggered After CERT-In Security Audit Report
Earlier, Jammuvirasat in an exclusively story reported that multiple Government websites were disabled for failing to present valid CERT-In (Computer Emergency Response Team-India) security audit certificates.
Read also: Government Websites in Jammu & Kashmir Face Shutdown Over Ignored Cybersecurity Protocols
CERT-In audits are essential for identifying vulnerabilities, ensuring compliance with cybersecurity protocols, and protecting sensitive government data.
Deadline for Compliance and Reporting
All departments are required to submit a compliance report within 15 days through their administrative channels to the IT Department. The report must include:
- Status of website domain alignment
- Use of official NIC email IDs
- Results of IT audit (hardware/software/network)
- List of outdated/pirated software, if any
- Proposed corrective action plan
Disciplinary Action for Non-Compliance
The circular warns that failure to comply with the instructions will be viewed seriously and may invite disciplinary action under relevant conduct and IT usage rules.
“Departments must accord top priority to the implementation of these guidelines to ensure secure and accountable e-governance,” the circular emphasized.
