The Botswana Communications Regulatory Authority (BOCRA) has issued draft website application security guidelines for stakeholders’ input, with a warning that non-compliance could lead to the removal of a website.

According to BOCRA the guidelines are in place to help businesses establish a checklist of steps to ensure that websites are not exploited, and that all software developers and hosting companies understand dangers and possible remediation measures of insecure website applications.

The Authority wants developers to implement strong password policies, require multi-factor authentication (MFA) for login and enforce encryption, as well as use proper key management and standard algorithms.

In addition, developers are required to provide sufficient log-in and monitoring for suspicious activities or security incidents occurring on web application. The musty also review all permissions, update configurations, and install patches and upgrades.

Tshoganetso Kepaletswe, Chief Technology Officer at BOCRA said the guidelines include ensuring effective software development, the continuous patching of discovered vulnerabilities, using up-to-date encryption, and requiring proper authentication.

Kepaletswe said the security guidelines are to be implemented in the website architecture design and finished products of web applications.

She said once approved, the guidelines will apply to all entities or registrars hosting .bw domains and registrants owning the websites. “Any website that does not conform to these guidelines may lead to a website taken down.”