GC HTTPS Everywhere
|ITPIN 2018-01||Implementation Strategy||Implementation Guidance||Communication Material|
Canadians rely on the Government of Canada to provide secure digital services and expect government websites to be secure and private. The Government of Canada is committed to ensuring that all publicly accessible government websites and services are configured to provide service through a secure connection.
The Government of Canada (GC)’s Strategic Plan for Information Management and Information Technology 2017 to 2021 sets out strategic direction for information technology (IT) in the federal government and charts the path forward for IT from a whole-of-government or “enterprise” perspective. The Plan details strategic areas of focus (Service, Manage, Secure, and Community) that specify actions and activities that are underway or that represent new enterprise directions.
Secure, in the context of the GC IT Strategic Plan, involves, among other things, protective measures to enable the secure processing and sharing of data and information across government. This includes protecting Canadians and their online transactions while interacting with the government. Unencrypted connections to publicly-available GC websites and web services are vulnerable to manipulation, impersonation, and can expose sensitive user information.
To provide Canadians with the strongest privacy and integrity protection regardless of the sensitivity of the information being transmitted, TBS will establish a “Hypertext Transfer Protocol Secure (HTTPS) everywhere” standard that will require departments and agencies to use the HTTPS protocol for web-based connections. The HTTPS protocol, along with approved encryption algorithms, will ensure the secure transmission of data online and the delivery of secure web services.