Standard Operating Procedure (SOP) for MoD Net/Internet Users : CGDA Circular dated 04-09-2023
“हर काम देश के नाम”
रक्षा लेखा महानियत्रक
उलान बटाररोड, पालम, दिल्ली छावनी-110010
Controller General of Defence Accounts
Ulan Batar Road, Palam, Delhi Cantt.- 110010
No. Mech/ IT&S/810/Cyber Security/Misc
(through DAD WAN/email)
Sub: Standard Operating Procedure (SOP) for MoD Net/Internet Users.
In view of the increasing number of cyber threats and compromise incidents, a Standard Operating Procedure (SOP) for endpoint users is circulated by MoD :
▶ Standard Operating Procedure (SOP) for MoDNet/ Internet users :
a) It is mandated to use any hardened Linux or Maya-OS along with chakra agent, in all the internet facing endpoints/PCs of MoD.
b) No data processing or transmission of classified data, confidential and above, should be done on Internet endpoints/PCs, separate non Internet connected work PCs to be used by all departments.
c) All the officials/staff while receiving mail with attachments should due diligently cross verify the credentials of the sender before downloading the attachment/clicking on any link.
d) In case any call is received pertaining to any mail attachment or password thereof, the credibility of the caller should be ascertained by giving a call back to the calling number. Only landline numbers should be accepted for such verification.
e) MoDNet Intranet (Air gapped network) to be used for data transmission/official work in DoD, DDP, DESW. and MoD Fin.
f) Usage of smartphones to be restricted and non approved officials/staff should not be allowed access of smartphone at workplace.
g) Ensure that no internet dongles/Mobile devices/WiFi/USB storage devices are plugged into Intranet (Air gapped, Network) systems/MoDNet.
h) MeitY guidelines on the usage of Operating system to be followed in respect of standalone/intranet PCs/System. It should be ensured that operating systems are kept up to date with the latest authentic patch releases.
2. All the Controllers are advised to ensure compliance of the SOP given above and disseminate these to all the officials of their sections and sub offices for strict compliance.
Sr. ACGDA (IT&S)
- Domains registered by Pak Malicious Actors – CGDA issued list of malicious websites registered under “.in” domain