The Government of Pakistan has proposed a new cybersecurity framework that would require government organizations hosting their websites and digital applications abroad to migrate them to data centres located within Pakistan.

The requirement is part of the proposed Pakistan Information Security Framework (PISF), which aims to strengthen the security, resilience, and oversight of government digital infrastructure.

Under the proposed framework, government-operated data centres, email services, and web hosting platforms will be required to meet a range of mandatory cybersecurity standards.

Organizations will need to implement network security measures, including next-generation firewalls, intrusion detection and prevention systems, distributed denial-of-service (DDoS) protection, secure backup mechanisms, vulnerability management, continuous monitoring through Security Operations Centres (SOC), Security Information and Event Management (SIEM) systems, and regular third-party security audits.

The framework also introduces stricter security requirements for government email and hosting services.

Organizations will be required to deploy advanced protection against phishing, malware, and spam, while enabling multi-factor authentication for administrative, remote, and webmail access. The framework also requires email archiving and backup capabilities, advanced persistent threat detection, and domain authentication protocols, including SPF, DKIM, and DMARC, to improve the security and integrity of government communications.

The proposed PISF requires all internal and public-facing web applications to follow secure design principles and secure software development practices.

Government organizations must carry out regular vulnerability assessments and penetration testing, use supported and securely configured software components, implement strong authentication and session management, and complete code reviews and security testing before applications are deployed.

The framework also makes organizations responsible for ensuring that developers, hosting providers, and cloud service providers comply with contractual security requirements and right-to-audit provisions.

The proposed controls also introduce environmental and operational safeguards for government data centres.

Organizations will be required to maintain resilient power supplies, backup generators, environmental monitoring systems, fire detection and suppression systems, and protection against flooding, water leakage, and other physical hazards.

In addition, they must document maintenance procedures, regularly test environmental control systems, and investigate incidents affecting data centre operations as part of ongoing risk management and regulatory compliance.

Get the latest tech news, telecom insights, and product launches wherever you prefer.

Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.

Shares