Stay Connected
National Information Technology Agency

Certified Authority

Certified Authority

The Government Computer Emergency Response Team (GovCERT) is the sector-specific cybersecurity incident response capability for the Government of Ghana, established and operated by the National Information Technology Agency (NITA).

GovCERT operates within the national cybersecurity framework established by the Cybersecurity Act, 2020 (Act 1038), which provides the legal and institutional basis for securing Ghanas digital ecosystem. The Act establishes the Cyber Security Authority (CSA) as the national regulator responsible for overseeing cybersecurity activities, preventing and managing cyber threats, and ensuring a coordinated national response.

The Act further provides for a structured national incident response ecosystem, including the establishment of a National Computer Emergency Response Team (CERT-GH) as the central coordination point for cybersecurity incidents.

National CERT Architecture

  • National CERT (CERT-GH), under the CSA, provides national-level coordination, including cross-sector and international incident response
  • GovCERT, under NITA, serves as the government sector CERT, focusing on Ministries, Departments and Agencies (MDAs) and public sector digital infrastructure

GovCERT operates as a constituent CERT within Ghanas national CERT ecosystem, ensuring sector-level monitoring, detection, and response, while coordinating with the National CERT on incidents of national significance. This federated CERT model enables a whole-of-government and whole-of-nation approach to cybersecuritycombining centralised coordination with sector-specific operational depth.

Critical Information Infrastructure (CII)

The Cybersecurity Act, 2020 (Act 1038) defines Critical Information Infrastructure (CII) as systems and networks essential to national security and the economic and social well-being of citizens. Sections 3540 establish a comprehensive regime for the designation, protection, regulation, and audit of CII, including obligations on institutions that own or operate such systems. Given the central role of government systems in delivering public services, most digital platforms operated by MDAs fall within Ghanas CII ecosystem.

Obligations of MDAs as CII Owners

Under the Act and directives issued by the CSA, MDAs designated as CII owners are required to:

  • Implement appropriate cybersecurity controls and safeguards
  • Establish governance structures and assign cybersecurity accountability
  • Conduct periodic risk assessments and compliance audits
  • Report cybersecurity incidents within prescribed timelines
  • Ensure continuous monitoring and resilience of critical systems

These obligations are legally enforceable and form a key part of Ghanas national cybersecurity posture.

GovCERTs Role in Supporting CII Compliance

GovCERT serves as the primary operational arm supporting MDAs in fulfilling their CII obligations, working in close coordination with the CSA and the National CERT. Specifically, GovCERT:

  • Provides centralised incident detection, response, and recovery support for government systems
  • Supports MDAs in incident reporting and escalation to the National CERT (CERT-GH)
  • Delivers threat intelligence, monitoring, and early warning services
  • Assists with vulnerability management and risk mitigation
  • Provides technical guidance to support compliance with CSA directives
  • Supports readiness for audits and regulatory assessments

This positions GovCERT as both a security operations centre for government and a key enabler of regulatory compliance under the Cybersecurity Act.

Core Functions of GovCERT

  • Incident Response & Coordination  Centralised coordination of cybersecurity incidents affecting government systems, including malware, ransomware, phishing, and data breaches
  • Threat Intelligence & Monitoring  Continuous monitoring and analysis of the threat landscape, providing alerts and advisories to MDAs
  • Vulnerability Management  Identification, assessment, and remediation support for vulnerabilities across government systems
  • Digital Forensics & Investigation  Technical investigation of incidents to determine root causes, assess impact, and support enforcement actions
  • Capacity Building & Awareness  Training, simulations, and awareness programs to strengthen cybersecurity readiness across MDAs

GovCERTs Role in Ghanas Digital Transformation

As Ghana advances its digital transformation agendathrough digital public infrastructure, data exchange, and trust servicesgovernment systems increasingly form part of the nations Critical Information Infrastructure. GovCERT plays a foundational role in securing government digital platforms, ensuring compliance with national cybersecurity laws, protecting critical public services, and maintaining trust in digital government.

Collaboration & Partnerships

GovCERT collaborates with the Cyber Security Authority (CSA), the National CERT (CERT-GH), law enforcement and national security agencies, and international CERT networks and partnersensuring a coordinated response to both national and cross-border cyber threats.

Alerts & Advisory

GovCERT provides continuous monitoring and analysis of the cyber threat landscape affecting government systems and public sector digital infrastructure. Timely threat intelligence and advisories are disseminated to MDAs to support proactive defence and informed decision-making.

All alerts and advisories are issued in accordance with Ghanas national cybersecurity framework under the Cybersecurity Act, 2020 (Act 1038) and in coordination with the Cyber Security Authority (CSA) and the National CERT (CERT-GH).

Types of Alerts & Advisories

  • Threat Advisories  Notices on emerging malware, ransomware campaigns, phishing threats, and active exploits targeting government infrastructure
  • Vulnerability Notifications  Alerts on critical vulnerabilities in widely-used systems and software, with recommended mitigations
  • Incident Early Warnings  Proactive notices when credible threats against government systems are identified
  • Security Bulletins  Periodic summaries of the national and global threat environment relevant to MDAs
  • Compliance Guidance Notices  Directives and guidance to support MDAs in meeting obligations under the Cybersecurity Act and CSA regulations

How Advisories Are Disseminated

  • Direct communication to designated cybersecurity focal persons in MDAs
  • Publication on the GovCERT/NITA official portal
  • Coordination with the National CERT (CERT-GH) and the CSA for sector-wide distribution
  • Liaison with ISPs, telecom providers, and CII operators where relevant

Threat Intelligence Services

GovCERT delivers threat intelligence as part of its core mandate, including:

  • Indicators of Compromise (IoCs) shared with registered MDAs
  • Analysis of attack trends and threat actor activity targeting public sector systems
  • Open-source and technical intelligence monitoring relevant to Ghanas government digital ecosystem
  • Coordination with international CERT networks for cross-border threat awareness

Subscribe to GovCERT Advisories

Government institutions and MDAs can register with GovCERT to receive real-time alerts, tailored advisories, and situational awareness reports. Contact GovCERT to designate your institutions cybersecurity focal person and establish the appropriate communication channels.

Email: govcert@nita.gov.gh  |  Phone: +233 XXX XXX XXX

Incident Reporting

All government institutions are required by law to report cybersecurity incidents promptly under the Cybersecurity Act, 2020 (Act 1038). Timely reporting enables GovCERT to coordinate an effective national response, contain damage, and support recovery.

GovCERT serves as the first point of contact for government institutions and will escalate incidents of national significance to the National CERT (CERT-GH) and the Cyber Security Authority (CSA) as appropriate.

What to Report

  • Malware infections, including ransomware and spyware
  • Unauthorised access to government systems or data
  • Phishing attacks targeting government staff or citizens
  • Data breaches or suspected leakage of sensitive or classified information
  • Denial-of-service (DoS/DDoS) attacks on government infrastructure
  • Website defacement or tampering with government digital platforms
  • Any other incident affecting the availability, integrity, or confidentiality of government systems

Reporting Channels

  • Email: govcert@nita.gov.gh
  • Hotline: +233 XXX XXX XXX (available for urgent incidents)
  • Online Portal: GovCERT Incident Reporting Portal (if applicable)
  • Walk-in: National Information Technology Agency (NITA) headquarters

Information Required When Reporting

  • Description of the incident and nature of the threat
  • Affected systems, services, or data
  • Date and time the incident was detected or occurred
  • Actions already taken to contain or mitigate the incident

What Happens After You Report

Upon receiving your report, GovCERT will:

  • Acknowledge receipt and assign a case reference
  • Triage the incident based on severity and potential national impact
  • Deploy technical assistance for containment and recovery where required
  • Escalate to the National CERT (CERT-GH) or CSA as appropriate
  • Coordinate with law enforcement or national security agencies if necessary
  • Issue post-incident reports and lessons learned to strengthen national preparedness

Legal Obligations

Under the Cybersecurity Act, 2020 (Act 1038), MDAs designated as Critical Information Infrastructure (CII) owners are legally required to report incidents within prescribed timelines. Failure to report may attract regulatory consequences under the Act. GovCERT is available to provide guidance on your institutions specific reporting obligations.

Services to Government Institutions

GovCERT provides a comprehensive range of cybersecurity services to government institutions, MDAs, and public sector entities to support their security operations and compliance with the Cybersecurity Act, 2020 (Act 1038).

Cybersecurity Incident Response

  • Cybersecurity incident response support (on-site and remote)
  • Technical support for incident containment and recovery
  • Coordination with CERT-GH and the CSA for incidents of national significance
  • Post-incident analysis and lessons-learned reporting

Threat Intelligence & Monitoring

  • Threat advisories and security alerts disseminated to MDAs
  • Continuous monitoring of the threat landscape affecting government systems
  • Indicators of Compromise (IoC) sharing with registered institutions
  • Early warning notifications on credible threats to government infrastructure

Risk & Vulnerability Management

  • Risk and vulnerability assessments for government systems and platforms
  • Security guidelines and best practices for MDAs
  • Remediation guidance and technical support for identified vulnerabilities
  • Support for compliance audits and regulatory assessments under the CSA

Digital Forensics & Investigation

  • Technical investigation of incidents to determine root cause and impact
  • Digital evidence collection and preservation support
  • Support for enforcement actions by the CSA and law enforcement agencies

Capacity Building & Awareness

  • Cybersecurity training programs for government ICT and security personnel
  • Cyber crisis simulation exercises and tabletop drills for MDAs
  • National cybersecurity awareness campaigns targeting public servants and citizens
  • Certification and professional development support

Contact GovCERT

To access GovCERT services or request technical assistance, contact us through the following channels:

  • Email: govcert@nita.gov.gh
  • Phone: +233 XXX XXX XXX
  • Address: National Information Technology Agency (NITA), Ghana