Yes. Macksofy is registered on GeM and the major state-portal procurement systems. We can respond to RFPs with the empanelment documentation, NDA + scope-of-work, and audited financials pre-staged.

Do you cover NCIIPC requirements?

Yes — for critical-information-infrastructure entities we deliver an NCIIPC-aligned controls assessment with the supplementary documentation NCIIPC expects (asset criticality matrix, dependency map, incident-response RACI).

Industry · Government · PSU · CERT-In · NCIIPC · MeitY

Cybersecurity for government, PSU and citizen-facing platforms.

Macksofy is CERT-In empanelled and delivers cybersecurity audits, VAPT and DFIR for state-government departments, PSUs, e-governance platforms, smart-city operators and citizen-facing services. Audit format matches MeitY + CERT-In submission requirements directly.

Book a scoping call See regulatory coverage

Vertical outcomes

CERT-In format VAPT reports accepted by the ministry/PSU/state IT department on the first read
NCIIPC-aligned controls assessment for critical-information-infrastructure entities
Evidence packs with 7-year retention horizon and traceable provenance
Bidding via GeM / state-portal procurement with all the empanelment documentation pre-staged
DFIR retainer with state-IT-department-aware playbooks

Sector context

Why Government · PSU cybersecurity isn't generic.

Government cybersecurity in India is run by CERT-In's empanelment regime — only empanelled auditors can sign off on the audits that ministries, PSUs, smart-city SPVs and citizen-platform operators rely on. Macksofy has been empanelled across multiple cycles. Adjacent: NCIIPC for critical-information-infrastructure entities, MeitY for e-governance frameworks, state-level IT departments for state-portal audits, and increasingly UIDAI / Aadhaar-system auditor expectations for any platform integrating with the Aadhaar stack.

Macksofy's government practice covers: CERT-In format VAPT for citizen-facing portals, audit-evidence packs for MeitY / CERT-In submissions, NCIIPC-aligned controls assessment for CII entities, e-Office and e-Sign platform security, and DFIR retainers for state-IT departments. We work alongside the empanelled vendor ecosystem (NIC, ERNET, state IT corporations) where the engagement requires it.

What's specific to government cybersecurity: report format must match CERT-In's published audit format exactly, no exceptions; bidding via GeM / state-portal procurement; OEM-product audit constraints (TCO / vendor lock-in considerations); and a longer evidence-retention horizon than commercial work (typically 7 years vs. 3).

Regulatory coverage

Frameworks Macksofy already maps to.

Every engagement's controls matrix tracks against these frameworks so the same evidence covers multiple regulator submissions.

CERT-In — empanelment + audit format + 6-hour incident reporting
NCIIPC — for critical-information-infrastructure entities
MeitY — e-governance framework + STQC certification
UIDAI — for any Aadhaar-integration platform
State IT departments + state portals (Mumbai-Maharashtra-IT, KEONICS, ELCOT, etc.)
DPDPA — citizen-personal-data provisions
STQC — e-governance application certification

Services we deliver into Government · PSU

The Macksofy engagement shape for Government · PSU.

Vulnerability Assessment & Penetration Testing (VAPT)

VAPT done properly — not a scan with a cover page.

Explore service

Penetration Testing

Find what attackers will. Before they do.

Explore service

Web Application Security Testing

Test web apps the way attackers (and bug bounty hunters) do.

Explore service

Digital Forensics & Incident Response (DFIR)

When the worst happens, every minute matters.

Explore service

SOC Setup & SIEM Engineering (Wazuh + ELK)

A SOC that detects what matters. Not just what's loud.

Explore service

Secure Source Code Review

Find the flaw at line 412 — before it ships to prod.

Explore service

Audits scoped for this vertical

Submission-ready evidence packs.

Indian Regulatory

CERT-In Empanelled Audit

The audit your regulator will accept on the first read.

See audit International Standard

ISO 27001 Consulting & Implementation

ISO 27001 done in 16 weeks — by people who've shipped 30+ certifications.

See audit

Anonymised engagement snapshot

What a Government · PSU engagement actually delivers.

Client profile

State-government citizen-services portal · 12 services · 4 Cr+ registered users

Scope

CERT-In format VAPT across the portal (web + mobile + APIs + admin console). NCIIPC controls baseline (the portal handles citizen data marked sensitive). Audit-evidence pack for the state IT department's annual MeitY submission.

Finding

Admin-console role-based access had a path-traversal in the user-management endpoint allowing privilege escalation from district-admin to state-admin. Mobile-app login endpoint had a timing-attack-vulnerable user-enumeration finding. Three legacy services were still on TLS 1.0.

Outcome

Path-traversal fixed and a regression test added to the CI; user-enumeration timing equalised; TLS 1.0 services migrated to TLS 1.2+ behind a load-balancer enforcement. Audit pack accepted by the state IT department's MeitY submission with zero rework.

What clients say · Trusted India + UAE

Rated 4.9 ★ from 612 client reviews.

CERT-In Empanelled

Govt of India · MeitY

EC-Council ATC

Authorized Training

ISO 27001 Certified

Info Security Mgmt

“We've worked with three Big 4 firms before Macksofy. None found what their team did in our payments stack. The most actionable report we've received in a decade.”

Aisha Khan

Information Security Manager · Listed Fintech · BKC, Mumbai

“The CHFI training Macksofy delivered for our cyber cell raised investigation quality measurably. Practical, India-context-aware, and respectful of our operational realities.”

Inspector K. Joshi

Cyber Cell · Maharashtra Police · Mumbai

“Came in with zero security background. 5 weeks later I was running Burp Suite and Metasploit confidently. Cleared CEH on the first attempt.”

Vivek Iyer

DevSecOps Lead · Healthcare SaaS · Hyderabad

Read all 612 reviews on Google →

FAQ

Things Government · PSU buyers ask first.

Yes — Macksofy is a CERT-In empanelled Information Security Auditor under MeitY, Government of India, across multiple empanelment cycles. Our reports follow the CERT-In published audit format and are accepted by ministries, PSUs, state IT departments and smart-city SPVs.

Delivery footprint

Where Macksofy delivers Government · PSU cybersecurity.

On-site engagements across India's BFSI, fintech, government and SaaS metros plus the UAE. Senior consultants fly from Mumbai BKC for kickoff, key reviews and exit briefings; remote weeks run through the rest of the engagement.

Government · PSU · Mumbai Government · PSU · Delhi NCR Government · PSU · Bengaluru Government · PSU · Hyderabad Government · PSU · Chennai Government · PSU · Pune Government · PSU · Noida Government · PSU · Gurugram

Talk to us

Get a fixed-price proposal in 48 hours.

Tell us about your security need — pentest, audit, training or a wider engagement. A senior consultant will reply within a few business hours.

CERT-In Empanelled

Information Security Auditor · India

CERT-In Empanelled
EC-Council ATC · CompTIA Authorized
20,000+ professionals trained
India + UAE engagements