Electronic and Postal Communications (Computer Emergency Response
Team)
G.N. No. 419 (contd)
(h)
(i)
(j)
(k)
Obligation of
constituencies
and service
providers on
information
security and
functionality
of services
and other events that may endanger the
information
security
or
usability
of
communications services and communication
network for service provider who provide
services through backbone network;
publish into their website an appropriate
notification of the measures taken and any
effects they may have on the use of that service
after having combated the threat or removed a
disruption;
submit detailed periodic reports of incidences
and threats on notification as it may be
stipulated by the National CERT which shall,
where possible, give an account of the causes
of the threat, number of subscribers affected,
other harmful consequences caused by the
incident and repair time;
retain the contents of user’s access logs, traffic
or routing data, for a minimum period of
twelve months or as shall be determined by the
Authority from time to time; and
abide by the CERT guidelines and directives as
prescribed by the Authority from time to time
9.-(1) The Constituencies and application service
licensees shall, in the issues of information security and
functionality of services be required to(a)
maintain up to date and reliable mechanisms
for identifying the sources of malicious traffic
from the incoming or outgoing traffic;
(b)
filter such traffic that it has identified as
malicious traffic; and
(c)
describe and communicate the general
principles of filtering incoming and outgoing
64