US to enforce HTTPS for new .gov domains
The USA’s General Services Administration (GSA) will work with modern web browser developers to automatically enforce HTTPS encryption on all newly issued executive branch .gov domains.
The GSA will establish a policy in the Northern Hemisphere’s spring (March to May) to submit newly created .gov domains and their subdomains to modern web browser makers for preloading.
Using this preloading process will ensure browsers will strictly enforce HTTPS for the submitted domains, and users will not be able to click through certificate warnings. The preloading process is expected to take around three months.
Since June 2015, all new federal web services have bean required to support and enforce HTTPS connections over the public internet, and all existing services were migrated by the end of last year.
This new policy takes the HTTPS enforcement a step further. The policy has been limited to modern browsers because it will only affect clients that support HTTP Strict Transport Security (HSTS).
Announcing the change, the GSA said non-secure HTTP connections “lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks.”
Follow us on Twitter and Facebook
Government investment framework moved to digital.gov.au
The Digital and ICT Investment Oversight Framework (IOF) is a collaborative life cycle approach...
NSW Government supports efficiency reforms for councils
The NSW Government says it remains committed to ensuring NSW councils are efficient and...
Parramatta makes top 21 smart cities list
Parramatta has earned a spot in the International Communities Forum's top 21 smartest...
