US to enforce HTTPS for new .gov domains
The USA’s General Services Administration (GSA) will work with modern web browser developers to automatically enforce HTTPS encryption on all newly issued executive branch .gov domains.
The GSA will establish a policy in the Northern Hemisphere’s spring (March to May) to submit newly created .gov domains and their subdomains to modern web browser makers for preloading.
Using this preloading process will ensure browsers will strictly enforce HTTPS for the submitted domains, and users will not be able to click through certificate warnings. The preloading process is expected to take around three months.
Since June 2015, all new federal web services have bean required to support and enforce HTTPS connections over the public internet, and all existing services were migrated by the end of last year.
This new policy takes the HTTPS enforcement a step further. The policy has been limited to modern browsers because it will only affect clients that support HTTP Strict Transport Security (HSTS).
Announcing the change, the GSA said non-secure HTTP connections “lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks.”
Follow us on Twitter and Facebook
Government ICT procurement policy needs reform: report
Industry leaders are calling for more robust government ICT procurement practices in Australia.
SAPA calls for better definition of what constitutes an Australian business
The Sovereign Australian Prime Alliance says the Australian Government must tighten the...
Australian Public Service bringing more jobs back in-house
The APS is set to bring more than half a billion dollars of core work in-house, according to the...
