Pakistan Moves to Enforce New National Cybersecurity Rules Across Public Sector

Picture of Ubaid

Ubaid

Pakistan Moves to Enforce New National Cybersecurity Rules Across Public Sector

The Govt has taken another major step to strengthen Pakistan’s cybersecurity by moving a new national security framework closer to implementation. The National Cyber Emergency Response Team (National CERT) has submitted the Pakistan Information Security Framework (PISF) to the federal cabinet for approval after completing consultations with key stakeholders.

The proposed framework is designed to improve cybersecurity standards across public sector organizations and critical infrastructure. Once approved, it will become the country’s baseline cybersecurity standard for government institutions and designated Critical Information Infrastructure (CII) entities.

The Govt developed the framework after consulting federal and provincial departments, regulators, infrastructure operators, and cybersecurity experts. The goal is to create a unified system that improves digital security and protects essential services from cyber threats.

Under the proposed rules, public organizations will have to establish formal cybersecurity governance systems. They will also be required to conduct regular risk assessments and adopt standard procedures for responding to cyber incidents.

The framework places strong emphasis on business continuity and disaster recovery. Organizations will need to prepare plans that ensure critical services remain available during cyberattacks or other emergencies.

The proposal introduces mandatory cybersecurity controls in several important areas. These include governance, risk management, incident response, data protection, physical security, supply chain management, secure software development, and the protection of critical information infrastructure.

It will apply to federal and provincial ministries, government departments, autonomous bodies, corporations, Computer Emergency Response Teams (CERTs), and all organizations designated as Critical Information Infrastructure.

The framework also sets clear reporting deadlines for cyber incidents. Verified incidents affecting critical infrastructure must be reported immediately to the relevant regulator, sectoral CERT, and the National CERT. A detailed report must then be submitted within 72 hours.

For verified cyber incidents involving non-critical organizations, reports must be filed within 120 hours.

The Govt also plans to introduce stronger security requirements for organizations providing data center, web hosting, and email services. These organizations will need to use multi-factor authentication, continuous monitoring systems, vulnerability management, secure backup solutions, and annual independent security audits.

Another important requirement focuses on government-hosted digital services. Organizations hosting government websites or applications outside Pakistan will have to prepare plans to move them to data centers located within the country.

The framework also requires stronger cybersecurity clauses in agreements with software developers, cloud service providers, and hosting companies. This aims to reduce risks throughout the technology supply chain.

Software development under the proposed framework must follow security-by-design principles. Organizations will also be required to carry out regular information security audits and adopt sector-specific security measures where necessary.

In addition, institutions will need to classify critical digital assets, protect personal data, perform resilience testing, and maintain close coordination with sectoral and national CERTs. Regular cybersecurity awareness training for employees will also become mandatory.

In other related news also read China Expresses Concern Over Pakistan-Afghanistan Tensions

If approved by the federal cabinet, the Pakistan Information Security Framework will become the country’s primary cybersecurity standard for public sector organizations. Implementation will follow the compliance and security requirements outlined in the framework, helping the Govt strengthen cyber resilience and improve protection against evolving digital threats.

Related News

Trending

Recent News

Type to Search