Srinagar,: The Government of Jammu and Kashmir on Monday issued an order banning the use of pen drives on official devices across all Administrative Government Departments at the Civil Secretariat in Jammu and Srinagar, as well as Deputy Commissioner Offices in all districts. The move aims to protect sensitive government data and reduce the risk of data breaches, malware infections, and unauthorized access, while strengthening the Union Territory’s cybersecurity framework.
According to the General Administration Department, “To enhance the cybersecurity posture of the Union Territory, safeguard sensitive government information, and minimize risks of data breaches, malware infections, and unauthorized access, the use of pen drives on official devices is prohibited across all Administrative Government Departments in the Civil Secretariat, Jammu and Srinagar, and Deputy Commissioner Offices in all districts.”
The order allows for exceptions in operationally justified cases. Departments may request controlled whitelisting for up to 2–3 pen drives per department through the respective administrative head to the State Informatics Officer (SIO), National Informatics Centre. Once approved, pen drives must be physically submitted to the respective NIC cell for reconfiguration, audit, and ownership registration before use.
As a secure alternative, departments are encouraged to adopt GovDrive—a cloud-based platform providing each government official 50 GB of secure storage with centralized access and device synchronization. Detailed guidance and user manuals are provided in Annexures I & II of the order.
The order strictly prohibits the use of public messaging platforms such as WhatsApp, or unsecured online services like WeTransfer, for sharing or circulating confidential information. This includes official documents, emails, technical details, ICT architecture diagrams, system configurations, vulnerability reports, and security audit findings. Departments are advised to use GovDrive, e-Office, and official email for all communications, in line with MHA, CERT-In directives, and departmental data classification policies.
Failure to comply with these guidelines may result in disciplinary action under rules governing web conduct, IT usage, and administrative behavior. The government emphasized that these measures are intended to protect official digital assets and prevent compromise of sensitive data, urging all departments to implement the directives as a top priority for safeguarding the digital ecosystem.
