Changes

Line 75: Line 75:  
* Departmental business units  
 
* Departmental business units  
 
<br>
 
<br>
3. Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to the following website: [https://canada-ca.github.io/pages/submit-institutional-domains.html Submit your institution's domains]. Alternatively, submit the CSV output from the [https://https-everywhere.canada.ca/ HTTPS Dashboard] to ZZTBSCYBERS@tbs-sct.gc.ca, noting additions in <span style="color:green;">green</span>, deletions in <span style="color:red;">red</span>, and modifications (e.g.: ownership) in <span style="color:yellow;background:#AAAAAA;">yellow</span>.
+
3. Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to TBS Cybersecurity.
<br><br>
+
* Update and send the filtered “compliance.csv” file available from the [https://https-everywhere.canada.ca/ HTTPS Dashboard] for mass updates; or
4. Perform an assessment of the domains and sub-domains to determine the status of the configuration. Tools available to support this activity includes GC HTTPS Dashboard, SSL Labs, Hardenize, etc.
+
* Use the following website for domain additions: [https://canada-ca.github.io/pages/submit-institutional-domains.html Submit your institution's domains].
 +
<br>
 +
4. Perform an assessment of the domains and sub-domains to determine the status of the configuration. Tools available to support this activity include the GC HTTPS Dashboard, [https://www.ssllabs.com/ SSL Labs], [https://www.hardenize.com/ Hardenize], [https://www.sslshopper.com/ssl-checker.html SSLShopper], etc.
 
<br><br>
 
<br><br>
 
5. Develop a prioritized implementation schedule for each of the affected websites and web services, following the recommended prioritization approach in the ITPIN:
 
5. Develop a prioritized implementation schedule for each of the affected websites and web services, following the recommended prioritization approach in the ITPIN:
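Review bot: The rewritten step 3 no longer says where the filtered "compliance.csv" is to be sent: the old text gave ZZTBSCYBERS@tbs-sct.gc.ca, while the new first bullet only says "Update and send". Keep that address, or another named submission channel, in the bullet. The second bullet covers additions only, and the colour convention for deletions and ownership changes has been dropped, so state how those are reported (for example, that they go through the CSV route).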
Line 84: Line 86:  
* ''6.2.3 All remaining websites and web services must be accessible through a secure connection, as outlined in Section 6.1, by December 31, 2019.''
 
* ''6.2.3 All remaining websites and web services must be accessible through a secure connection, as outlined in Section 6.1, by December 31, 2019.''
 
<br>
 
<br>
6. Engage the departmental IT group for implementation as appropriate.  
+
6. Engage departmental IT planning groups for implementation as appropriate.
 
* Where necessary adjust IT Plans and budget estimates for the FY where work is expected.
 
* Where necessary adjust IT Plans and budget estimates for the FY where work is expected.
* It is recommended that SSC partners contact their SSC Service Delivery Manager to discuss the departmental action plan and required steps to submit a request for change.  
+
* It is recommended that SSC partners contact their SSC Service Delivery Manager to discuss the departmental action plan and required steps to submit a request for change.
 
* '''An expedited process for HTTPS BRDs has been established - ensure the title of your BRD is "<u>GC HTTPS Initiative - TLS 1.2 Upgrade</u>", ou également: "<u>Initiative du GC relative à HTTPS – Mise à niveau TLS 1.2</u>"
 
* '''An expedited process for HTTPS BRDs has been established - ensure the title of your BRD is "<u>GC HTTPS Initiative - TLS 1.2 Upgrade</u>", ou également: "<u>Initiative du GC relative à HTTPS – Mise à niveau TLS 1.2</u>"
 
<br>
 
<br>
7. Based on the assessment, and using the [http://wiki.gccollab.ca/GC_HTTPS_Everywhere guidance available on GCcollab Wiki], the following activities may be required:
+
7. Based on the assessment, and using the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere guidance available on GCcollab], the following activities may be required:
* Obtain certificates from a GC-approved certificate source as outlined in the ''Recommendations for TLS Server Certificates for GC Public Facing Web Services''
+
* Obtain certificates from a GC-approved certificate source as outlined in the [https://wiki.gccollab.ca/images/8/89/Recommendations_for_TLS_Server_Certificates.pdf Recommendations for TLS Server Certificates] for GC Public Facing Web Services
* Obtain the configuration guidance for the appropriate endpoints (e.g. web server, network/security appliances, etc.) and implement recommended configurations to support HTTPS.
+
* Obtain the [https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance configuration guidance] for the appropriate endpoints (e.g. web server, network/security appliances, etc.) and implement recommended configurations to support HTTPS.
 
<br>
 
<br>
8. Perform another assessment of the applicable domains and sub-domains to confirm that the configuration has been updated and that HTTPS is enforced in accordance with [https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01].
+
8. Perform another assessment of the applicable domains and sub-domains to confirm that the configuration has been updated and that all elements are enforced in accordance with [https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01]. Results will appear in the [https://https-everywhere.canada.ca/ HTTPS Dashboard] within 24 hours.
    
<br>
 
<br>
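Review bot: In the new step 8, "all elements are enforced" is vaguer than the "HTTPS is enforced" it replaces, and nothing in the visible text defines what the elements are. Name them or point at the requirement, e.g. "the secure connection requirements outlined in Section 6.1", so the reassessment has a concrete pass condition. The added dashboard sentence should also say what the 24 hours is measured from.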