ISLAMABAD: In a major move to secure the country’s digital infrastructure, the National Cyber Emergency Response Team (National CERT) has made it mandatory for all public and private sector entities to adopt the Pakistan Security Standards (PSS) — a homegrown cybersecurity and cryptographic benchmark aligned with international protocols such as the US FIPS 140 and ISO 15408 (Common Criteria).
The mandatory implementation, announced through Statutory Notification SRO 762(I)/2023, will take full effect from June 1, 2028, making it unlawful to manufacture, store, or sell any security product that claims cryptographic or cybersecurity functions without PSS compliance.
However, the defence sector faces an accelerated deadline, with the National Technical Information Security Board (NTISB) directing full compliance by December 2025 for all new procurements — marking the first step toward nationalizing cryptographic assurance and strengthening supply chain integrity.
According to the advisory, the PSS aims to ensure the confidentiality, integrity, and availability of national ICT systems, enhance cyber resilience, and reduce risks of compromise in critical sectors such as defence, banking, energy, and communications.
“Proactive compliance today will safeguard defence operations, streamline procurement, and strengthen Pakistan’s national cybersecurity posture,” the advisory stressed, urging vendors and developers to initiate certification immediately through accredited IT and cryptographic evaluation labs.
The National CERT has directed all industry partners, vendors, and developers to begin the certification process without delay, warning that non-compliant products will soon face procurement bans across government and defence institutions.
Key recommendations include: Proactive evaluation and alignment with PSS certification requirements, vendor communication to ensure supply chain readiness, integration of PSS compliance into all ICT procurement policies, and awareness campaigns to educate industry players on evaluation procedures.
The National CERT has also called for industry-wide collaboration and public-private coordination to ensure timely compliance, emphasizing that the new standards are not merely regulatory but “a foundation for Pakistan’s cyber resilience and defence readiness in an increasingly digital era.”
Copyright Business Recorder, 2025
