Skip links

The Government of Pakistan has proposed a new cybersecurity framework that would require government organizations hosting websites and digital applications abroad to move them to data centres within the country.

The proposed Pakistan Information Security Framework, or PISF, is aimed at strengthening the security, resilience, and oversight of government digital systems, according to the draft measures.

Under the framework, government-run data centres, email services, and web hosting platforms would have to comply with a broad set of mandatory cybersecurity controls. These include next-generation firewalls, intrusion detection and prevention systems, distributed denial-of-service protection, secure backup arrangements, vulnerability management, continuous monitoring through Security Operations Centres, Security Information and Event Management systems, and regular third-party security audits.

The framework also places stricter requirements on government email and hosting services. Organizations would need to deploy stronger defenses against phishing, malware, and spam, while enabling multi-factor authentication for administrative, remote, and webmail access. The draft also calls for email archiving and backup, advanced persistent threat detection, and domain authentication protocols such as SPF, DKIM, and DMARC to improve the security of official communications.

For web applications, the proposed rules require both internal and public-facing systems to follow secure design principles and secure software development practices. Government bodies would be expected to conduct regular vulnerability assessments and penetration testing, use supported and securely configured software components, apply strong authentication and session management, and complete code reviews and security testing before deployment.

The framework further makes organizations responsible for ensuring that developers, hosting providers, and cloud service providers meet contractual security requirements, including right-to-audit provisions.

In addition to digital safeguards, the proposed framework introduces operational and physical protections for data centres. These include resilient power supplies, backup generators, environmental monitoring systems, fire detection and suppression systems, and measures to protect against flooding, water leakage, and other hazards.

Government organizations would also be required to document maintenance procedures, test environmental control systems regularly, and investigate incidents affecting data centre operations as part of ongoing risk management and compliance.

Leave a comment

RBN Community

Join our whatsapp channels below to get the latest news and updates.

rBusiness rMarkets