CBI

CBI

Central Bureau of Investigation 

CBI

Central Bureau of Investigation 
Ashok stambh and National Flag

Website Policy

Terms And Conditions:

Though all efforts have been made to ensure the accuracy and currency of the content on this Portal, the same should not be construed as a statement of law or used for any legal purposes. CBI accepts no responsibility in relation to the accuracy, completeness, usefulness or otherwise, of the contents. Users are advised to verify/check any information with the relevant Government department(s) and/or other source(s), and to obtain any appropriate professional advice before acting on the information provided in the website.

 

In no event will the Government or CBI be liable for any expense, loss or damage including, without limitation, indirect or consequential loss or damage, or any expense, loss or damage whatsoever arising from use, or loss of use, of data, arising out of or in connection with the use of this Portal. These terms and conditions shall be governed by and construed in accordance with the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the exclusive jurisdiction of the courts of India.

 

Copyright Policy:

The contents of this website may not be reproduced partially or fully, without due permission from Central Bureau of Investigation. If referred to as a part of another publication, the source must be appropriately acknowledged. The contents of this website cannot be used in any misleading or objectionable context.

 

Privacy Policy:

CBI does not collect personal information for any purpose other than to respond to the querist. If user chooses to provide CBI with the personal information like filling out a feedback form with an e-mail address or postal address, and submitting through the website, CBI uses that information to respond to that message, and to help the querist get the information requested.

  • CBI website never collects information or creates individual profiles

 

Hyper Linking Policy:

At many places in this website (cbi.gov.in), links may be found to other web resources. These links have been placed for convenience of the user. Central Bureau of Investigation is not responsible for the contents of the linked destinations and does not necessarily endorse the views expressed with them. Mere presence of the link or its listing on this website should not be assumed as endorsement of any kind. CBI cannot guarantee that these links will work all the time and it has no control over availability of linked destinations.

 

CBI does not object anyone linking directly to the information that is hosted on this website (cbi.gov.in) and no prior permission is required for the same. However, CBI would like to informed about any links provided to this website (cbi.gov.in) so that the user can be informed of any changes or updates therein. Also, CBI does not permit its page to be loaded into frames on any other site. The pages belonging to this website (cbi.gov.in) must load into a newly opened browser window of the user.

 

Content Contribution, Moderation & Approval (CMAP) policy:

The Central bureau of investigation website (cbi.gov.in) represents multiple divisions/section/branches. CBI adopt a 3-tiered structure to implement COMAP needing minimum 3 officials to execute the COMAP roles, i.e.

  • Contributor

  • Approver

  • Publisher

 

Content Archival (CAP) policy:

Each of the content components is accompanied by metadata, source and validity date. For some ofthe components the validity date may not be known i.e., the content is stated to be perpetual. Whenever any changes to the content is required the concerned branch/section contributes the changed content through CMS (Content Management System) and the same is published as per COMAP.

 

For few of the components like announcements, tenders, only the live content, whose validity date falls after the current date, is shown on the website. For other components like documents, reports, forms, websites and contact directory there is a need for timely review of the same as per the Content Review Policy.

 

For the retrieval of content which has expired, there is a need to archive the content.

 

Content Review (CRP) policy:

Contents will be reviewed as and when any basic changes to the content is required. The concerned branch/section contributes the changed content through CMS (Content Management System) and the same is published as per COMAP.

 

Website Monitoring Plan:

Central bureau of investigation has a website monitoring policy. CBI website (cbi.gov.in) is being monitored periodically in accordance with website monitoring plan given below

 

The Technical Manager is responsible for the monitoring of the CBI website

  1. SP, Systems, CBI

 

The CBI Website is monitored periodically in accordance with the plan to address and fix the quality and compatibility issues around the following parameters:

  1. Performance: Website download time can be optimized for a variety of network tested for this. This is done by checking the performance of the website by the latest software tools.

  2. Availability: The Availability of the website is monitored by a latest software tool as defined in SLA's.

  3. Broken Links: The website is thoroughly reviewed to rule out the presence of any broken links or errors. Latest tools are used for finding out any broken links.

  4. Hyper linking Content: All Hyper-linking contents present on this website are managed through developed Content Management System (CMS).The System Integrator for CBI is checking the accuracy of all hyper-links contents on the site manually on quarterly basis and its log is maintained along with the broken link report.

  5. Spelling Errors: Every contents are checked and rectified thoroughly before publishing any contents on the website to avoid the presence of any spelling errors in the website.

  6. Tender & Recruitment: Tenders and Recruitment notices are published on the CBI website through CMS as defined in COMAP.

  7. Presence on the National Portal: The department has registered CBI website under CBI of the National Portal.

 

Contingency Management Plan:

Defacement Protection Policy

  1. The CBI website is security audited for application vulnerabilities and performance.

  2. Any application level modification on the CBI website implies re-audit of the website.

  3. All the servers' configuration and logs are monitored by NIC as the website is to be hosted at NIC.

  4. Contents are updated through secured protocols.

 

Monitoring of Defacement of CBI website

 

There are two ways of monitoring the defacement of the CBI website. Cyber security division, NIC is continuously monitoring by analyzing the log files. The Central help desk at NIC (HQ) data Centre is also monitoring the websites at regular interval for possible defacement or undesirable change in the CBI website. The System Integrator of CBI will also monitors the website regularly as per the SLAs. In case of any eventuality, whoever notices it first shall inform the Technical Manager and Web Information Manager on phone as well as through email.

 

Actions to be taken after defacement

 

As soon as the Technical Manager and/or Web Information Manager receive the information regarding the defacement of the website, the following steps will be taken:

  1. Stoppage/partial stoppage of the website according to the degree of defacement.

  2. Analyzing log files and troubleshooting the source of defacement and blocking of the service.

  3. Analyzing type of defacement and fixing it.

  4. Fixing of all vulnerabilities on the basis of security recommendations and re-auditing of applications.

  5. Restoring the affected /corrupted contents from the backup and restoring the site.

 

Time for Restoration of the CBI web site after defacement

 

The time taken for restoration of the CBI website depends on the degree of defacement and services affected by the defacement. Ideally it will take 1 hour to 8 hours for the restoration.

 

Hardware / Software Corruption

 

Though such an occurrence is a rarity, still in case the server on which the website has been hosted crashes due to some unforeseen reason, the web hosting service provider (NIC) has enough redundant infrastructures available to restore the website at the earliest.

 

Contingency Plan in case of Natural Disasters/Calamity

 

CBI website has been hosted by NIC. Any contingency in case of natural disasters/ calamity will be dealt by NIC.

 

Backup Plan in case of website down

 

CBI website has been hosted by NIC and backup is being taken by NIC as per their policy.

 

Security Policy:

  • Central Bureau of Investigation website (cbi.gov.in) has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions. The firewall and other security protocols is maintained and updated by the NIC.

  • Before launch of the revamped Central Bureau of Investigation website (cbi.gov.in), penetration tests have been conducted.

  • Central Bureau of Investigation website (cbi.gov.in) has been audited for known application level vulnerabilities before the launch and all the known vulnerability as on date has been addressed.

  • Hardening of servers has been done by NIC

  • Access to web servers hosting Central Bureau of Investigation website (cbi.gov.in) is restricted both physically and through network by NIC.

  • Logs at different locations are maintained for authorized physical access of Central Bureau of Investigation website (cbi.gov.in) servers by NIC.

  • Web-servers hosting the Central Bureau of Investigation website (cbi.gov.in) are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them by NIC.

  • All the development work is done on separate development environment and is well tested on staging server before updating it on the production server.

  • After testing properly on the stacking server the applications are uploaded to the production server using secured protocols.

  • The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.

  • All contents of the web pages are checked for intentional or unintentional malicious content before final upload to web server pages.

  • Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived by NIC. All rejected accesses and services are logged and listed in exception reports for further scrutiny by NIC.

  • Monitoring team of NIC and CBI along with the System Integrator (till its contract period) will separately monitor the Central Bureau of Investigation website (cbi.gov.in) for continuous availability of website as defined in SLA's, to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no unauthorized links have been established.

  • All newly released system software patches; bug fixes and upgrades are expediently and regularly reviewed and installed on the web server by NIC as per the NIC's Security Policy

  • On Production web servers only server administration related task is performed.

  • Server passwords are managed by NIC.

  • Central Bureau of Investigation website (cbi.gov.in) has been re-audited for the application level vulnerability after major modification in application development [Not applicable at first launch].

 

Compliance Audit:

The Central Bureau of Investigation website (cbi.gov.in) has been audited before launch and has complied with all the points mentioned in the policies document as mentioned above.