Changes

Line 31: Line 31:  
* Public domains must provide instructions for users’ browsers to only connect to the HTTPS domains (i.e. HTTP Strict Transport Security (HSTS) must be enabled).
 
* Public domains must provide instructions for users’ browsers to only connect to the HTTPS domains (i.e. HTTP Strict Transport Security (HSTS) must be enabled).
 
* Public domains must disable known weak connection protocols and encryption ciphers, in accordance Communication Security Establishment guidance (ITSP.40.062 and ITSP.40.111).
 
* Public domains must disable known weak connection protocols and encryption ciphers, in accordance Communication Security Establishment guidance (ITSP.40.062 and ITSP.40.111).
* Public domains must use HTTPS certificates issued from a Certificate Authority (e.g. Entrust via SSC).
+
* Public domains must use HTTPS certificates issued from a Certificate Authority (e.g.: Entrust via SSC; see Certificates in [https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance Implementation Guidance] for more).
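Review bot: In the added certificate bullet, "e.g.:" carries a colon that the "(i.e. HTTP Strict Transport Security ..." bullet above does not use, and the parenthetical now packs an example and a cross-reference together, separated by a semicolon. Suggest keeping "(e.g. Entrust via SSC)" as it was and moving the pointer into its own sentence, such as "See Certificates in Implementation Guidance." The link is also written in external-link syntax with a full URL to the top of the Implementation Guidance page; if that page is on the same wiki as this one, an internal link to its Certificates section would take the reader straight to the relevant text.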