HTTPS Refs and Guidance
Legislation
Related policy instruments
- Policy on Government Security
- Policy on Management of Information Technology
- Policy on Privacy Protection
- Policy on Access to Information
- Directive on Departmental Security Management
- Operational Security Standard: Management of Information Technology Security (MITS)
GC references
- CSE ITSG-33 Overview: IT Security Risk Management: A Lifecycle Approach
- CSE ITSB-89v3 Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information
- CSE ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
- CSE ITSP.40.062 Guidance on Securely Configuring Network Protocols
- Cryptographic Algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information
Other references
- NIST SP 800-52, Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
- US Government, The HTTPS-Only Standard
- Department of Homeland Security, Binding Operational Directive 18-01 Enhance Email and Web Security
- GOV.UK, Service Manual, Using HTTPS
- UK National Cyber Security Centre, Using TLS to protect data
- Qualys - SSL/TLS Deployment Best Practices
- Google - Webmasters: Secure Your Site with HTTPS
- Mozilla - Security/Server Side TLS
- NIST - TLS Server Certificate Management Practice Guide
- Microsoft - Taking TLS to the next level with TLS 1.3