The National CERT has finalized the Pakistan Information Security Framework to strengthen government digital systems against cyberattacks, data breaches and other emerging online threats.
Once formally approved, the framework will introduce new cybersecurity standards for federal and provincial government institutions, including mandatory audits, continuous threat monitoring and the transfer of government websites and applications hosted abroad to local data centres.
Under the new framework, authorities will prepare a plan to transfer government websites and applications currently hosted overseas to data centres located in Pakistan.
The move is aimed at improving the security, monitoring and autonomy of the government’s digital infrastructure while reducing reliance on foreign hosting services.
New requirements have also been introduced for cloud service providers, data centres and web-hosting companies handling government information and digital platforms.
Modern security systems made mandatory
Government data centres will be required to install modern firewalls, cybersecurity surveillance tools and systems capable of detecting threats in a timely manner.
Security operations centres and advanced cyber-monitoring systems will also have to be established to identify, assess and respond to suspicious activity.
Authorities will be required to implement immediate surveillance and continuous monitoring mechanisms to track cyberattacks and reduce the risk of damage to government networks.
Backup power, round-the-clock monitoring required
Data centres will also be required to maintain reliable backup power systems, including generators, to ensure that cybersecurity operations remain active during power outages.
Continuous monitoring arrangements will be mandatory to protect critical government data and keep digital services operational without interruption.
These measures are intended to improve the resilience of public-sector systems during cyber incidents, technical failures and other emergencies.
Govt email systems to receive stronger protection
The framework makes protection against phishing, spam and malware mandatory for all government email services.
Institutions will be expected to introduce safeguards capable of identifying malicious messages, fraudulent links and harmful files before they compromise official accounts or networks.
The measures are designed to reduce the risk of cybercriminals gaining access to sensitive government information through employees’ email accounts.
Dedicated cybersecurity wings ordered
Every government institution will be directed to establish a separate cybersecurity wing responsible for protecting its digital infrastructure.
Federal and provincial agencies will also have to allocate dedicated budgets for cybersecurity, conduct regular employee training and complete annual security audits.
The framework places responsibility on institutions to ensure that employees understand cyber risks and follow established security procedures.
Data leaks must be reported immediately
Government institutions will be required to immediately report any data leak or serious cybersecurity breach to the relevant national security authority.
A rapid reporting mechanism will be introduced so that incidents can be investigated, contained and addressed before they cause wider damage.
The framework also calls for continuous monitoring of cyber threats and timely coordination between affected institutions and national cybersecurity bodies.
Strict controls for govt social media accounts
Centralized access and strict controls will be introduced for official government social media accounts.
The measures are intended to prevent unauthorized access, account takeovers, misinformation and the misuse of official communication platforms.
Government agencies will be expected to limit account access to authorized personnel and maintain stronger oversight of login credentials and publishing permissions.
The Pakistan Information Security Framework will be implemented after receiving final approval. Its introduction will establish uniform cybersecurity standards across federal and provincial institutions and provide a structured approach to protecting government websites, applications, emails, data centres and social media platforms.
The framework is expected to strengthen Pakistan’s ability to detect cyber threats, respond to digital attacks and protect sensitive public-sector information.








