In a significant step toward strengthening national digital infrastructure, Pakistan has officially introduced the Pakistan Security Standard (PSS), a wide-ranging cybersecurity framework that updates and replaces the aging TM-27 model from 1994. Developed by Pakistan Standards and Quality Control Authority (PSQCA) and endorsed by National Technical Information Security Board (NTISB), the initiative seeks to ensure that cryptographic and IT security devices meet contemporary standards. This development reflects a growing focus on bolstering protection for sensitive networks across both the public and private sectors.
The PSS sets mandatory protocols for the design, evaluation, and certification of critical security products including encryption tools, firewalls, intrusion detection systems, secure operating systems, and anti-malware solutions. By doing so, it addresses vulnerabilities such as backdoors and trojans that could be exploited to compromise national security or disrupt essential services. Evaluations will be conducted by accredited laboratories working under the supervision of NTISB, ensuring that standards remain consistent, transparent, and technically rigorous. For organizations currently using international certifications, provisional acceptance will be allowed during the transitional phase.
Aligned with internationally recognized benchmarks such as FIPS 140-2 and the EU Common Criteria, the Pakistan Security Standard is specifically tailored to meet local operational and regulatory needs. A phased rollout over five years has been outlined, culminating in mandatory compliance by June 2028. This schedule is designed to provide government departments, telecom operators, financial institutions, and private firms with sufficient time to prepare their procurement strategies and replace non-compliant systems. Stakeholders handling sensitive or classified data will be required to upgrade their infrastructure and adopt PSS-compliant technologies to ensure continuity and security of services.
NTISB will operate as the central certification authority for PSS, supported by NASCEL-accredited facilities, further consolidating national oversight of cybersecurity standards. By establishing this homegrown framework, Pakistan aims to enhance resilience against escalating cyber threats and ensure that critical infrastructure is secured according to the highest technical benchmarks. The introduction of PSS represents a major shift from reliance on outdated models and fragmented certifications toward a unified approach that integrates best practices, international compatibility, and national priorities. This strategic move positions Pakistan to better protect its digital ecosystem and maintain sovereignty over its cybersecurity environment in an era of increasing global interconnectivity.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
