263
edits
Changes
Jump to navigation
Jump to search
Line 22:
Line 22: − + + + + + + + Line 131:
Line 137: + + + + + + + + + + + +
GC HTTPS Everywhere/Strategy (view source)
Revision as of 09:20, 14 November 2019
, 09:20, 14 November 2019no edit summary
This guide is primarily for business owners, web developers, IT and IT security practitioners who are involved in implementing externally-facing GC online services.
This guide is primarily for business owners, web developers, IT and IT security practitioners who are involved in implementing externally-facing GC online services.
'''Note: ITPIN 2018-01 [https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html Implementing HTTPS for Secure Web Connections] applies to departments in [https://laws-lois.justice.gc.ca/eng/acts/f-11/page-32.html#h-230507 Section 2 of the FAA only].'''
'''Note: ITPIN 2018-01 [https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html Implementing HTTPS for Secure Web Connections] applies to departments as defined in [https://laws-lois.justice.gc.ca/eng/acts/f-11/page-1.html#h-227972 section 2 of the FAA]:'''
<br><br>
(a) any of the departments named in [https://laws-lois.justice.gc.ca/eng/acts/f-11/page-30.html#h-230472 Schedule I];<br>
(a.1) any of the divisions or branches of the federal public administration set out in column I of [https://laws-lois.justice.gc.ca/eng/acts/f-11/page-31.html#h-230498 Schedule I.1];<br>
(b) a commission under the [https://laws-lois.justice.gc.ca/eng/acts/I-11 Inquiries Act] that is designated by order of the Governor in Council as a department for the purposes of this Act;<br>
(c) the staffs of the Senate, House of Commons, Library of Parliament, office of the Senate Ethics Officer, office of the Conflict of Interest and Ethics Commissioner, Parliamentary Protective Service and office of the Parliamentary Budget Officer; and<br>
(d) any departmental corporation (a corporation named in [https://laws-lois.justice.gc.ca/eng/acts/f-11/page-32.html#h-230507 Schedule II]).
== Strategy Framework ==
== Strategy Framework ==
The use of continuous, distributed security analytics and infrastructure monitoring will support advanced awareness and automation, thus improving security of both the network and its users.
The use of continuous, distributed security analytics and infrastructure monitoring will support advanced awareness and automation, thus improving security of both the network and its users.
== Exemption Requests ==
Departments who cannot implement all the requirements of the ITPIN must apply to GC Enterprise Architecture Review Board (GC EARB) for an exemption with a rationale to justify the request.
Links to the required GC EARB deck template, which includes direction for all departments who will be unable to meet the requirements of the ITPIN by the end of the calendar year, along with an excel template to provide details are below:
(1.EN) [https://wiki.gccollab.ca/images/6/63/GC_EARB_HTTPS_Exemption.pptx GC EARB HTTPS Exemption Template - EN]<br>
(1.FR) [https://wiki.gccollab.ca/images/c/ca/GC_EARB_HTTPS_Exemption_FR.PPTX GC EARB HTTPS Exemption Template - FR]<br>
(2.EN) [https://wiki.gccollab.ca/images/0/0a/GC_EARB_HTTPS_Exemption_Details.xlsx GC EARB HTTPS Exemption Details - EN]<br>
(2.FR) [https://wiki.gccollab.ca/images/6/6a/GC_EARB_HTTPS_Exemption_Details_FR.xlsx GC EARB HTTPS Exemption Details - FR]<br>
Departments should contact the CIOB-DPPI IT-Division-TI <ZZCIOBDP@tbs-sct.gc.ca> mailbox for further requirements for submitting an exemption request.
== Enquiries ==
== Enquiries ==
