Other measures to be put in place across government include compulsory penetration testing of departments' networks, mandatory security training for civil servants and privacy impact assessments for all service delivery projects.
Information security will also become part of the gateway review process, which examine the potential risks of government projects before they proceed.
The work was commissioned following the loss of two unencrypted discs containing the child benefit records of 25 million families, and is published on the same day as the Poynter Review into that incident, as well as the Burton Review into the loss of a Ministry of Defence laptop.
Cabinet secretary Sir Gus O'Donnell said the report aims to give government a framework to improve the way citizens' data is protected.
"Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure the public can be assured we are taking the necessary measures to keep people's data secure," he said.
The safeguards will also be worked into contracts with private sector companies undertaking government work that may comprise access to citizens' information.
The Information Commissioner welcomed the moves.