1. Introduction









 society and government organisations. GIGW   guidance to government organisations on how   same. Such guidance and advisories issued by   all government organisations and their

 2.0 took note of the standards evolved by   to leverage public digital infrastructure devised   CERT-In from time to time should be treated as   implementation and evaluation partners.
 international bodies like the world-wide web   for whole-of-government delivery of services,   updates  to the guidance contained in the   Government organisations are expected to
 consortium (W3C) and advancements in   bene ts and information. These cover aspects   chapter on cybersecurity and any assessments   carefully  assess  their  existing  websites, web
 technology. It also included guidance on mobile   such as API level integration for use of   or audit carried out with reference to GIGW 3.0   portals, web applications and mobile apps
 apps.   integration with social media, India Portal,   should also be cognizant of the same. Further,   against GIGW 3.0, identify areas requiring

 This version is the third version of GIGW (GIGW   DigiLocker,  Aadhaar-based  identity,  single   while government organisations may continue   improvement,  draw  up  time  bound
 3.0). While the earlier versions were formulated   sign-on,  data  sharing  in  open  formats  on  the   to establish conformity with GIGW 3.0 by   implementation plans to achieve conformity
 in-house with external inputs, GIGW 3.0 has   government’s data platform, government’s   obtaining Certi ed Quality  Website (CQW)   with GIGW 3.0 and obtain CQW certi cation

 been formulated jointly with Standardisation   scheme discovery platform, government’s   certi cation  from  the  STQC  Directorate,  the   from the STQC Directorate. Similarly, websites,
 Testing and Quality Certi cation (STQC)   citizen engagement platform MyGov, AI-based   certi cation of cybersecurity aspects by STQC   web portals, web applications and mobile apps
 Directorate of the Ministry of Electronics and   Indian language translation tools, seamless   may be done on the basis of the “safe to host”   that are at the design or implementation stage
 Information Technology and Indian Computer   content/data  access  across  web-based  certi cate issued by the cybersecurity auditors   may also be reviewed to ensure that their
 Emergency  Response  Team  (CERT-In),  so  that   solutions of government organisations. GIGW   empanelled by CERT-In/STQC or the auditors of   design, architecture, development and scope of

 the experience of conformity with GIGW   3.0 o ers upgraded guidelines on accessibility   STQC or NIC.  audit  conform  to GIGW  3.0 and  requisite
 gathered by the STQC Directorate auditors and   of websites and apps, with a view to make   To  make  the  guidelines  more  readily  usable,   approvals, resources etc. are tied up to ensure
 the cybersecurity experience and knowledge of   access to cyberspace more inclusive. In view of   which entity/person has a role in implementing   this.

 CERT-In also inform the GIGW. As in earlier   incorporation of comprehensive guidance in   a particular guideline has been identi ed in   While GIGW embodies general guidance for
 versions, GIGW 3.0 too has also been formulated   this version on apps as well (in addition to   every guideline. Thus, each guideline speci es   government websites, web portals, web
 in association with industry and experts.  websites), this version is titled “Guidelines for   whether the same is to be acted upon by the   applications and mobile apps, particular
 The key thrust of GIGW 3.0 is on o ering speci c   Indian  Government  Websites  and  Apps”.   government organisation concerned or the   website/app use cases may require adoption of
 guidance to government organisations on how   However, since the acronym GIGW gained wide   developer or the evaluators.  higher norms and speci c technologies.
 n recent years, digital technologies have   (NIC) formulated the Guidelines for Indian
 to improve the user interface and user   currency, the acronym has been retained, with   The e ectiveness of GIGW 3.0 in enhancing ease   Government  organisations  may  keep  this  in
 increasingly  contributed  to economic   Government Websites (GIGW) in the year 2009.
 experience (UI and UX), by incorporating   the letter “W” being signifying “Websites and   of living through various web-based initiatives   mind  while  formulating  their  design,
 growth and citizen empowerment.   GIGW aims to ensure quality and accessibility of
 features such as intuitive page loading (using AI   Apps”.  of the government would depend on their   architecture and scope and may consult NIC in
 These  technologies have  become   government  guidelines, by o ering  guidance
 and analytics) based on user journey and user   A chapter on cybersecurity, formulated by   e ective implementation in letter and spirit by   case they desire technical advice in the matter.
 ubiquitous in everyday life and enable   on  desirable  practices  covering  the  entire
 pro le,  using  state-of-the-art  content  CERT-In, has also been incorporated so that
 people to access various services from the   lifecycle of websites, web portals and web
 management  system  (CMS),  user-centric  GIGW can serve as a single point of reference on
 comfort of their homes. Government has   applications, right from conceptualisation and
 information architecture (IA), centralised   all the relevant aspects — quality, accessibility
 established web presence through multiple   design to their development, maintenance and
 monitoring dashboard to identify and provide   and security — relating to websites, web
 websites,  web portals, web applications  and   management.  The  Department  of
 alerts on non-conformity and technical   portals, web applications and mobile apps.
 mobile apps that o er information and services   Administrative Reforms and Public Grievances
 enablement of all content creators and   Since cybersecurity requirements undergo
 to the public. However, inconsistency in   made the same a part of the Central Secretariat
 publishers.  continuous evolution in light of emerging
 conventions,  layout  standards,  navigation   Manual of O ce Procedure.
 GIGW 3.0 also signi cantly enhances the   threat  scenarios,  threat  vectors  and
 strategies  and technologies  adopted can   The  second  version  of  GIGW  (GIGW  2.0)  was
 guidance on the accessibility and usability of   technologies, CERT-In continuously issues
 reduce the e ectiveness of websites/apps.  developed in 2019, taking into account
 mobile apps, especially by o ering speci c   updated guidance and advisories to address the
 In this context, the National Informatics Centre   feedback from and consultations with industry,


                                                              9