उत्तर प्रदेश सरकार  |  Government of Uttar Pradesh

Image of About Department

Security Policy

  • Uttar Pradesh New and Renewable Energy Development Agency Website has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions.
  • Before launch of the Uttar Pradesh New and Renewable Energy Development Agency, simulated penetration tests have been conducted. Penetration testing has also been conducted after the launch of the Uttar Pradesh New and Renewable Energy Development Agency Website.
  • Uttar Pradesh New and Renewable Energy Development Agency Website has been audited for known application level vulnerabilities before the launch and all the known vulnerability has been addressed.
  • Hardening of servers has been done as per the guideline of Cyber Security division before the launch of the Uttar Pradesh New and Renewable Energy Development Agency Website.
  • Access to web servers hosting the Uttar Pradesh New and Renewable Energy Development Agency Website is restricted both physically and through the network as far as possible.
  • Logs are maintained for authorized physical access of Uttar Pradesh New and Renewable Energy Development Agency Website servers.
  • Web-servers hosting the Uttar Pradesh New and Renewable Energy Development Agency Website are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them.
  • All the development work is done in a separate development environment and is well tested on the staging server before updating it on the production server.
  • After testing properly on the staging server the applications are uploaded to the production server using SSH and VPN through a single point.
  • The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.
  • All contents of the web pages are checked for intentional or unintentional malicious content before final upload to web server pages.
  • Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny.
  • Help Desk staff at the Web Information Manager monitor the Uttar Pradesh New and Renewable Energy Development Agency Website at intervals of one month to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no unauthorized links have been established.
  • All newly released system software patches; bug fixes and upgrades are expediently and regularly reviewed and installed on the web server.
  • On Production web servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related tasks are performed.
  • Server passwords are changed at the interval of one month and are shared by Web Information Manager.
  • Web Information Manager have been designated as Administrator for the Uttar Pradesh New and Renewable Energy Development Agency Website and shall be responsible for implementing this policy for each of the web servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s).
  • Uttar Pradesh New and Renewable Energy Development Agency Website has been re-audited for the application level vulnerability after major modification in application development [Not applicable at first launch].
  • The Uttar Pradesh New and Renewable Energy Development Agency Website has been audited before launch and has complied with all the points mentioned in the policies document of the Cyber Security Group mentioned above.
  • Uttar Pradesh New and Renewable Energy Development Agency Website has also been subjected to an automated risk assessment performed through vulnerability identification software before and after the launch and all the known vulnerabilities have been addressed.

Notice and Disclosures

Uttar Pradesh New and Renewable Energy Development Agency Website will not sell, trade, or disclose the personally identifiable information of its website users to any unauthorized third parties.

Data Quality and Access

Uttar Pradesh New and Renewable Energy Development Agency Website takes all steps possible to ensure that the data on the website is accurate. While reviewing the website if something is found to be inaccurate Uttar Pradesh New and Renewable Energy Development Agency Website Name will make every effort to correct said information as quickly as possible. If it is found to be an inaccuracy with the entire system Uttar Pradesh New and Renewable Energy Development Agency Website will work swiftly to correct the problem so that your web experience is as troublefree as possible. Any change to your user account will not be reflected on the website until the following business day. The information contained on the Uttar Pradesh New and Renewable Energy Development Agency Website website is subject to change without prior advance notice.

While using the Uttar Pradesh New and Renewable Energy Development Agency website certain information such as your IP Address and time spent on pages may be collected. This non- personal information is collected in order to monitor any unauthorized use or access to the Uttar Pradesh New and Renewable Energy Development Agency site. Anyone caught attempting to harm, steal information from, or otherwise damage the Uttar Pradesh New and Renewable Energy Development Agency website will be prosecuted to the full extent of the law.

Application Security Audit

A Drupal CMS is used in the Uttar Pradesh New and Renewable Energy Development Agency Website website for displaying the information dynamically as per the users’ requests. The application has been security audited for the known application level vulnerabilities as per Top 10 OWASP and the application security vulnerabilities have been addressed before the launch of the Portal

The website will be audited by Cert-in empanelled agency periodically. The periodicity shall be one year from the date of issue of certificate or additional changes in the dynamic content carried out whichever is earlier. A periodic check on the requirement of a security certificate is recommended to the web information manager in case there are changes in the functionality or any other environmental changes.

Server Audit

The Applications and database servers hosting the Uttar Pradesh New and Renewable Energy Development Agency website and Databases have been security audited. The hardening of the server has been done. The access to the server is restricted both physically and through the network as far as possible. The Logs are being maintained for authorized physical access to Uttar Pradesh New and Renewable Energy Development Agency. The servers have been placed behind the Application firewall in order to make them hidden to the outside public. All the development work is done on separate development environment and well tested on the staging server before updating it on the production server. The Uttar Pradesh New and Renewable Energy Development Agency website contents on the NIC Data Centre servers are uploaded using secured SSH and VPN through a single point. The contents are first checked by approval authority before publishing on the website. All contents of the web pages are checked for intentional or unintentional malicious content before final upload of the same on the website. Audit and Log of all activities referring to the operating system, access to the system and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny. All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. The Antivirus has been deployed on the servers and is updated online.

Data Security

Uttar Pradesh New and Renewable Energy Development Agency takes security very seriously and has therefore taken every precaution to secure our borrowers' information. In order to secure the user’s information, Uttar Pradesh New and Renewable Energy Development Agency has implemented several security measures to prevent loss, theft, or misuse of any borrower data.

Website Access Rights

Whether website is accessible in India only and necessary firewall rule has been applied in the system

Last Updated on Page :

This is the Official Website of Uttar Pradesh New and Renewable Energy Development Agency, Government of Uttar Pradesh, India. Content on this website is published and managed by Uttar Pradesh New and Renewable Energy Development Agency, Government of Uttar Pradesh, India. For any query regarding this website, Please contact the "Web Information Manager"

Last Update on Website :
Vistior No. : 694116
  Uttar Pradesh New and Renewable Energy Developmet Agency, India | All rights reserved.
Powered by MARGSOFT Technologies (P) Limited