(2)
Physical access to the operational site housing computer servers, PKI server, communications and network devices shall be controlled and restricted to the authorized individuals only in accordance with Para 4.4 of the Information Technology Security Guidelines given at Schedule II.
(3)
A Certifying Authority must—
(i) ensure that the operational site housing PKI servers, communications and networks is protected with fire suppression system in accordance with Para 4.2 of the Information Technology Security Guidelines given at Schedule II.
(ii) ensure that power and air-conditioning facilities are installed in accordance with Para 4.1 of the Information Technology Security Guidelines given at Schedule II.
(iii) ensure that all removable media and papers containing sensitive or plain text information are listed, documented and stored in a container properly identified.
(iv) ensure unescorted access to Certifying Authority's server is limited to those personnel identified on an access list.
(v) ensure that the exact location of Digital Signature Certification System shall not be publicly identified.
(vi) ensure that access security system is installed to control and audit access to the Digital Signature Certification System.
(vii) ensure that dual control over the inventory and access cards/keys are in place.
(viii) ensure that up-to-date list of personnel who possess the access cards/keys is maintained at the Certifying Authority's operational site. Loss of access cards/keys shall be reported immediately to the Security Administrator; who shall take appropriate actions to prevent unauthorised access.
(ix) ensure personnel not on the access list are properly escorted and supervised.
(x) ensure a site access log is maintained at the Certifying Authority's operational site and inspected periodically.
(4)
Multi-tiered access mechanism must be installed at the Certifying Authority's operational site. The facility should have clearly laid out security zones within its facility with well-defined access rights to each security zone. Each security zone must be separated from the other by floor to ceiling concrete reinforced walls. Alarm and intrusion detection system must be installed at every stage with adequate power backup capable of continuing operation even in the event of loss of main power. Electrical/Electronic circuits to external security alarm monitoring service (if used) must be supervised. No single person must have complete access to PKI Server, root keys or any computer system or network device on his/her own.
(5)
Entrance to the main building where the Certifying Authority's facilities such as Data Centre, PKI Server and Network devices are housed and entrance to each security zone must be video recorded round the clock. The recording should be carefully scrutinized and maintained for at least one year.
(6)
A Certifying Authority site must be manually or electronically monitored for unauthorised intrusion at all times in accordance with the Information Technology Security Guidelines given at Schedule II.
(7)
Computer System/PKI Server performing Digital Signature Certification function shall be located in a dedicated room or partition to facilitate enforcement of physical access control. The entry and exit of the said room or partition shall be automatically locked with time stamps and shall be reviewed daily by the Security Administrator.
(8)
Access to infrastructure components essential to operation of Certifying Authority such as power control panels, communication infrastructure, Digital Signature Certification system, cabling, etc. shall be restricted to authorised personnel.
(9)
By-pass or deactivation of normal physical security arrangements shall be authorised and documented by security personnel.
(10)
Intrusion detection systems shall be used to monitor and record physical access to the Digital Signature Certification system during and after office hours.
(11)
Computer System or PKI Server performing the Digital Signature Certification functions shall be dedicated to those functions and should not be used for any other purposes.
(12)
System software shall be verified for integrity in accordance with Para 15 of the Information Technology Security Guidelines given at Schedule II.