| No. | Requirement | Applicable to |
|---|---|---|
| 1 | All licensees should manage their servers within Pakistan, as per the license awarded to them, which clearly states that they are to establish, maintain and operate in Pakistan. | All Licensees |
| 2 | Bind static IP addresses with user accounts for API / Web portal. Access to foreign IP addresses should be blocked through geo-fencing at firewalls. | All Licensees |
| 3–4 | Maintain all types of logs including but not limited to Access Log, Events Log, “Failed Login Attempts with complete IP details” and “API failed connections”, in accordance with clause 6 (5) of CTDISR 2000, issued by PTA. | All Licensees |
| 5 | Password baselining restrictions be implemented, i.e. blocking of the account after a limited number of failed attempts. | All Licensees |
| 6 | Dedicated / Managed services of Web Application Firewall (WAF) be used to secure networks from layer 7 attacks. | All Licensees |
| 7 | Security from roaming SMS links be ensured. | Whoever is providing SMS service |
| 8 | Two-factor authentication (2FA) be implemented for all customers on every login to the SMS application. An OTP be used for every broadcast message. | SMS Aggregator / CMOs |
| 9 | Weblinks in the SMS content be blocked, as they generally refer to phishing links. | SMS Aggregator / CMOs |
| 10 | Personal Data Requests should not be allowed in the SMS. | SMS Aggregator / CMOs |