The guideline states that exceptions will only be granted where using pen drives is necessary for operational reasons.

The Jammu and Kashmir General Administration Department banned the usage of pen drives on all official devices in government agencies a few months after the India-Pakistan conflict.  The August 25, 2025, order seeks to reduce the risks of malware infections, unauthorised access, and data breaches while enhancing cybersecurity and protecting sensitive government data.

Exceptions with controls

The guideline states that exceptions will only be granted where using pen drives is necessary for operational reasons.  Only two to three pen drives may be requested by a department, even in these situations, and they must be sent to the State Informatics Officer via the administrative head.  Before being used, approved pen drives will first undergo reconfiguration and authorisation by the National Informatics Centre (NIC).

Push for GovDrive adoption

GovDrive, a cloud-based, multi-tenant platform that provides every government official with 50 GB of safe storage with centralised access and synchronisation, has been strongly recommended as a secure substitute by departments.  In comparison to physical storage devices, the circular emphasises that GovDrive will increase efficiency and guarantee superior data integrity protection.

Ban on unsecured platforms

Additionally, the circular expressly cautions against exchanging or storing private information on unprotected platforms like WhatsApp.  It emphasises how crucial it is to protect digital sovereignty and avoid security lapses by using secure communication methods.

Compliance and accountability

The government has made it clear that disregarding the new guidelines will be taken seriously and may result in disciplinary action under the laws governing official behaviour and the use of IT.  The guidelines have been issued with immediate effect, and all agencies have been directed to prioritise them.

Cybersecurity strategy

The order is a component of a broader plan to embrace best practices described by CERT-In and the Ministry of Home Affairs, implement ICT architecture, and guarantee adherence to national security guidelines.  To protect sensitive data, departments have also been instructed to implement classification policies, conduct vulnerability assessments, and strengthen security configurations.