forked from cds-snc/track-web
guidance.html
{% extends "en/layout-en.html" %}
{% block title %}Read guidance{% endblock %}
{% block pageid_en %}guidance{% endblock %}
{% block pageid_fr %}directives{% endblock %}
{% block description %}Read guidance.{% endblock description %}
{% block content %}
<section id="main-content" class="flex-1">
<div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6 mb-6">
<h1>Read guidance</h1>
<p>Help us make government websites more secure. Please complete the following steps to become compliant with the Government of Canada's web security standards. If you have any questions about this process, please <a href="/en/help">contact us</a>.</p>
<br/>
<ol class="text-lg mb-2 leading-normal">
<li class="mb-6">Identify key resources required to act as central point(s) of contact with TBS and the HTTPS Community of Practice. Establish connections via the GCTools channels at:
<ul>
<li>GCconnex: <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black">HTTPS Everywhere 2018</a></li>
<li>GCmessage: <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black">#HTTPSEverywhere-HTTPSpartout</a></li>
</ul>
</li>
<li class="mb-6">Perform an inventory of all departmental domains and subdomains. Sources of information include:
<ul>
<li>Internally available <a href="https://https-everywhere.canada.ca" class="text-https-blue hover:text-black">HTTPS Dashboard</a></li>
<li>TBS Application Portfolio Management (APM)</li>
<li>Departmental business units</li>
</ul>
</li>
<li class="mb-6">Provide an up-to-date list of all domains and sub-domains of the publicly-accessible websites and web services to the following website: <a href="https://canada-ca.github.io/pages/submit-institutional-domains.html" class="text-https-blue hover:text-black">Submit your institution's domains</a>.</li>
<li class="mb-6">Perform an assessment of the domains and sub-domains to determine the status of their HTTPS configuration. Tools available to support this activity include the GC HTTPS Dashboard, SSL Labs and Hardenize.</li>
<li class="mb-6">Develop a prioritized implementation schedule for each of the affected websites and web services, following the recommended prioritization approach in the ITPIN:
<ul>
<li>6.2.1 Newly developed websites and web services must adhere to this ITPIN upon launch.</li>
<li>6.2.2 Websites and web services that involve an exchange of personal information or other sensitive information must receive priority following a risk-based approach, and migrate as soon as possible.</li>
<li>6.2.3 All remaining websites and web services must be accessible through a secure connection, as outlined in Section 6.1, by September 30, 2019.</li>
</ul>
</li>
<li class="mb-6">Engage the departmental IT group for implementation as appropriate.
<ul>
<li>Where necessary, adjust IT plans and budget estimates for the fiscal year in which the work is expected.</li>
<li>It is recommended that SSC partners contact their SSC Service Delivery Manager to discuss the departmental action plan and the steps required to submit a request for change.</li>
</ul>
</li>
<li class="mb-6">Based on the assessment, and using the <a href="https://www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black">guidance available on GCpedia</a>, the following activities may be required:
<ul>
<li>Obtain certificates from a GC-approved certificate source, as outlined in the Recommendations for TLS Server Certificates for GC Public Facing Web Services.</li>
<li>Obtain the configuration guidance for the appropriate endpoints (e.g. web server, network/security appliances, etc.) and implement the recommended configurations to support HTTPS.</li>
</ul>
</li>
<li class="mb-6">Perform another assessment of the applicable domains and sub-domains to confirm that the configuration has been updated and that HTTPS is enforced in accordance with the ITPIN.</li>
</ol>
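<p>The assessments in steps 4 and 8 come down to a few checks on observable behaviour of each hostname. The Python below is an added example, not code from this repository, the GC HTTPS Dashboard or the ITPIN: it scores captured responses for a hostname on whether plain HTTP redirects to HTTPS on the same host without ever stepping back to HTTP, whether HTTPS is reachable, and whether the HTTPS response carries a Strict-Transport-Security header with a long max-age. The one-year max-age threshold, the fictitious <code>.gc.ca</code> hostnames and the response captures are all assumptions constructed so the example runs offline; a real assessment would capture the responses with an HTTP client that follows redirects.</p>

```python
"""Added example (not from cds-snc/track-web or the ITPIN): score captured
HTTP/HTTPS responses for a hostname against assumed HTTPS-enforcement criteria.
All inputs below are constructed so the script runs offline."""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed threshold: one year, the value commonly required by HTTPS-everywhere checks.
MIN_HSTS_MAX_AGE = 31536000


@dataclass
class Response:
    url: str                                     # URL that produced this response
    status: int
    headers: dict = field(default_factory=dict)  # header names lower-cased


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, includeSubDomains, preload).
    max_age is None when the directive is missing or malformed."""
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                max_age = None
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload


def assess(hostname, http_chain, https_resp):
    """Evaluate one hostname. http_chain is the ordered list of responses seen when
    fetching http://hostname/ and following redirects (the last entry is the final,
    non-redirect response); https_resp is the response for https://hostname/, or
    None if the TLS connection failed. Returns named checks plus an 'enforced' verdict."""
    urls = [urlparse(r.url) for r in http_chain]
    final = http_chain[-1] if http_chain else None
    checks = {}

    # Every hop before the last must be a redirect carrying a Location header, and the
    # final URL must be HTTPS on the same host with a 2xx status.
    checks["http_redirects_to_https"] = bool(http_chain) and all(
        300 <= r.status < 400 and "location" in r.headers for r in http_chain[:-1]
    ) and urls[-1].scheme == "https" and urls[-1].hostname == hostname and 200 <= final.status < 300

    # Once the chain reaches HTTPS it must never step back to plain HTTP.
    seen_https, downgrade = False, False
    for u in urls:
        if u.scheme == "https":
            seen_https = True
        elif seen_https:
            downgrade = True
    checks["no_https_to_http_downgrade"] = not downgrade

    checks["https_reachable"] = https_resp is not None and https_resp.status < 400

    # Browsers only honour HSTS received over HTTPS (RFC 6797), so the header is read
    # from the HTTPS response, never from an HTTP hop.
    hsts = https_resp.headers.get("strict-transport-security") if https_resp else None
    max_age, include_sub, _ = parse_hsts(hsts) if hsts else (None, False, False)
    checks["hsts_present"] = hsts is not None
    checks["hsts_max_age_ok"] = max_age is not None and max_age >= MIN_HSTS_MAX_AGE
    checks["hsts_include_subdomains"] = include_sub  # informational, not required here

    required = ("http_redirects_to_https", "no_https_to_http_downgrade",
                "https_reachable", "hsts_present", "hsts_max_age_ok")
    checks["enforced"] = all(checks[k] for k in required)
    return checks


# Constructed sample captures for fictitious hostnames (not real responses).
GOOD_HTTP_CHAIN = [
    Response("http://good.example.gc.ca/", 301, {"location": "https://good.example.gc.ca/"}),
    Response("https://good.example.gc.ca/", 200,
             {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
]
GOOD_HTTPS = GOOD_HTTP_CHAIN[-1]

# Redirects to HTTPS, but HSTS max-age is only one day: HTTPS works but is not enforced.
WEAK_HTTP_CHAIN = [
    Response("http://weak.example.gc.ca/", 302, {"location": "https://weak.example.gc.ca/"}),
    Response("https://weak.example.gc.ca/", 200, {"strict-transport-security": "max-age=86400"}),
]
WEAK_HTTPS = WEAK_HTTP_CHAIN[-1]

# HTTPS is fine on its own, but plain HTTP serves content directly and never redirects.
NO_REDIRECT_CHAIN = [Response("http://plain.example.gc.ca/", 200, {})]
NO_REDIRECT_HTTPS = Response("https://plain.example.gc.ca/", 200,
                             {"strict-transport-security": "max-age=63072000"})

if __name__ == "__main__":
    for name, chain, https in (("good.example.gc.ca", GOOD_HTTP_CHAIN, GOOD_HTTPS),
                               ("weak.example.gc.ca", WEAK_HTTP_CHAIN, WEAK_HTTPS),
                               ("plain.example.gc.ca", NO_REDIRECT_CHAIN, NO_REDIRECT_HTTPS)):
        result = assess(name, chain, https)
        failed = [k for k, v in result.items() if not v and k != "hsts_include_subdomains"]
        print(name, "ENFORCED" if result["enforced"] else "NOT ENFORCED", failed)
```

<p>Run it once before the remediation work of step 7 and again for step 8; the named checks that fail are the ones to hand to the IT group, since a redirect without HSTS, or HSTS with a short max-age, still leaves the first plain-HTTP request of every visit exposed.</p>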
<br/>
<p>For any questions or concerns related to the ITPIN and related implementation guidance, contact TBS Cybersecurity (<a href="mailto:zzTBSCybers@tbs-sct.gc.ca" class="text-https-blue hover:text-black">zzTBSCybers@tbs-sct.gc.ca</a>).</p>
</div>
</section>
{% endblock %}