Difference between revisions of "HTTPS Refs and Guidance"
Jump to navigation
Jump to search
(Created page with "==Legislation== * [http://laws-lois.justice.gc.ca/eng/acts/P-21/index.html Privacy Act] ==Related policy instruments== * [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578...") |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 14: | Line 14: | ||
* [https://www.cse-cst.gc.ca/en/node/1297/html/27582 CSE ITSB-89v3 Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information] | * [https://www.cse-cst.gc.ca/en/node/1297/html/27582 CSE ITSB-89v3 Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information] | ||
* [https://www.cse-cst.gc.ca/en/node/1842/html/26717 CSE ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems] | * [https://www.cse-cst.gc.ca/en/node/1842/html/26717 CSE ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems] | ||
| − | * [https:// | + | * [https://cyber.gc.ca/en/guidance/guidance-securely-configuring-network-protocols-itsp40062 CSE ITSP.40.062 Guidance on Securely Configuring Network Protocols] |
| + | * [https://cyber.gc.ca/en/guidance/cryptographic-algorithms-unclassified-protected-and-protected-b-information-itsp40111 Cryptographic Algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information] | ||
==Other references== | ==Other references== | ||
| Line 25: | Line 26: | ||
* Google - [https://support.google.com/webmasters/answer/6073543 Webmasters: Secure Your Site with HTTPS] | * Google - [https://support.google.com/webmasters/answer/6073543 Webmasters: Secure Your Site with HTTPS] | ||
* Mozilla - [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Security/Server Side TLS] | * Mozilla - [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Security/Server Side TLS] | ||
| + | * NIST - [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-16.pdf TLS Server Certificate Management Practice Guide] | ||
| + | * Microsoft - [https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/ Taking TLS to the next level with TLS 1.3] | ||
Latest revision as of 08:00, 21 August 2020
Legislation
Related policy instruments
- Policy on Government Security
- Policy on Management of Information Technology
- Policy on Privacy Protection
- Policy on Access to Information
- Directive on Departmental Security Management
- Operational Security Standard: Management of Information Technology Security (MITS)
GC references
- CSE ITSG-33 Overview: IT Security Risk Management: A Lifecycle Approach
- CSE ITSB-89v3 Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information
- CSE ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
- CSE ITSP.40.062 Guidance on Securely Configuring Network Protocols
- Cryptographic Algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information
Other references
- NIST SP 800-52, Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
- US Government, The HTTPS-Only Standard
- Department of Homeland Security, Binding Operational Directive 18-01 Enhance Email and Web Security
- GOV.UK, Service Manual, Using HTTPS
- UK National Cyber Security Centre, Using TLS to protect data
- Qualys - SSL/TLS Deployment Best Practices
- Google - Webmasters: Secure Your Site with HTTPS
- Mozilla - Security/Server Side TLS
- NIST - TLS Server Certificate Management Practice Guide
- Microsoft - Taking TLS to the next level with TLS 1.3
