Changes

no edit summary
Line 101: Line 101:  
<br>
 
<br>
 
7. Based on the assessment, and using the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere guidance available on GCcollab], the following activities may be required:
 
7. Based on the assessment, and using the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere guidance available on GCcollab], the following activities may be required:
* Obtain certificates from a GC-approved certificate source as outlined in the [https://wiki.gccollab.ca/images/8/89/Recommendations_for_TLS_Server_Certificates.pdf Recommendations for TLS Server Certificates] for GC Public Facing Web Services
+
* Obtain certificates from a GC-approved certificate source as outlined in the [https://wiki.gccollab.ca/images/9/92/Recommendations_for_TLS_Server_Certificates_-_14_May_2021.pdf Recommendations for TLS Server Certificates] [https://wiki.gccollab.ca/images/8/8b/Recommendations_for_TLS_Server_Certificates_-_14_May_2021-FR-REV-NG.pdf Recommandations liées aux certificats de serveur TLS] for GC Public Facing Web Services
 
* Obtain the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance configuration guidance] for the appropriate endpoints (e.g. web server, network/security appliances, etc.) and implement recommended configurations to support HTTPS.
 
* Obtain the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance configuration guidance] for the appropriate endpoints (e.g. web server, network/security appliances, etc.) and implement recommended configurations to support HTTPS.
 
<br>
 
<br>
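Review bot: in the replaced certificate bullet, the English and French PDF links now sit back to back with no separator or language label, so the rendered sentence reads "Recommendations for TLS Server Certificates Recommandations liées aux certificats de serveur TLS for GC Public Facing Web Services". Suggest marking the two links, for example with "(EN)" and "(FR)" as the exemption templates further down the page do, and moving "for GC Public Facing Web Services" ahead of the French link so the English sentence stays intact. The new file names carry the date "14 May 2021" while the link text does not; adding the date to the link text would let readers tell which version of the recommendations they are being sent to.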
Line 137: Line 137:     
The use of continuous, distributed security analytics and infrastructure monitoring will support advanced awareness and automation, thus improving security of both the network and its users.   
 
The use of continuous, distributed security analytics and infrastructure monitoring will support advanced awareness and automation, thus improving security of both the network and its users.   
 +
 +
== Exemption Requests ==
 +
 +
Departments who cannot implement all the requirements of the ITPIN must apply to GC Enterprise Architecture Review Board (GC EARB) for an exemption with a rationale to justify the request.
 +
Links to the required GC EARB deck template, which includes direction for all departments who will be unable to meet the requirements of the ITPIN by the end of the calendar year, along with an excel template to provide details are below:
 +
 +
(1.EN) [https://wiki.gccollab.ca/images/6/63/GC_EARB_HTTPS_Exemption.pptx GC EARB HTTPS Exemption Template - EN]<br>
 +
(1.FR) [https://wiki.gccollab.ca/images/c/ca/GC_EARB_HTTPS_Exemption_FR.PPTX GC EARB HTTPS Exemption Template - FR]<br>
 +
(2.EN) [https://wiki.gccollab.ca/images/0/0a/GC_EARB_HTTPS_Exemption_Details.xlsx GC EARB HTTPS Exemption Details - EN]<br>
 +
(2.FR) [https://wiki.gccollab.ca/images/6/6a/GC_EARB_HTTPS_Exemption_Details_FR.xlsx GC EARB HTTPS Exemption Details - FR]<br>
 +
 +
Departments should contact the CIOB-DPPI IT-Division-TI <ZZCIOBDP@tbs-sct.gc.ca> mailbox for further requirements for submitting an exemption request.
    
== Enquiries ==
 
== Enquiries ==
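Review bot: the new Exemption Requests section refers to departments unable to meet the ITPIN requirements "by the end of the calendar year" without naming the year, so the deadline becomes ambiguous as soon as the year rolls over; suggest stating the actual date. The list numbers the deck as (1) and the spreadsheet as (2), but the paragraph above does not say that both are required for a submission or in what order; one sentence saying so would remove the need to contact the mailbox for that basic point. Wording: "Departments who" should be "Departments that", "apply to GC Enterprise Architecture Review Board" is missing "the", and "excel" should be "Excel". The contact address is written as bare text in angle brackets; a [mailto:...] link would match the external-link style used for every other reference in the section.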
