The Union government is preparing to launch one of its most extensive cybersecurity exercises, ordering a nationwide audit of critical IT systems across central ministries, state departments and the government’s network of National and State Data Centres.
The move comes amid a steady escalation in cyber threats targeting public-sector infrastructure. The audit will span the entire stack of government information communication technology (ICT) assets, from routers, firewalls and intrusion-prevention systems to servers, virtual machines, cloud deployments, endpoint devices and security operations centres.
Officials said the effort marks a significant scale-up in periodic compliance checks mandated under CERT-In’s cybersecurity audit guidelines.
A request for empanelment issued by the government says auditors will conduct deep reviews of network traffic flows, security-appliance configurations and identity-and-access-management controls to determine whether they meet current standards.
Cloud-layer components, including orchestration systems, API permissions and key-vault protections, will also be scrutinised. The mandate further covers asset verification across ministries and states, configuration reviews of routers, switches, firewalls and VPNs and assessments of log-management practices and disaster-recovery readiness.
Security incidents reported in the past six months will be examined alongside forensic artefacts to evaluate response quality and identify unresolved vulnerabilities, the document said.
Data centres, which handle mission-critical workloads for national digital platforms, will face an additional layer of checks on access-control systems, surveillance infrastructure and environmental safeguards.
Officials said the sheer size of the exercise reflects the government’s concern over increasingly sophisticated attacks on public-sector systems.
As part of the initiative, auditors will assess more than 60,000 ICT nodes across central and state entities and another 40,000 nodes within National and State Data Centres.
To operationalise the nationwide rollout, NIC Services Inc. (NICSI) has begun the process of empanelling CERT-In–recognised audit agencies. The empanelment will allow NICSI and user departments to allocate audit work across ministries, states and data-centre facilities over the next three years.
Bids for the empanelment are due on December 18, following a pre-bid meeting scheduled for December 5.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
