US to enforce HTTPS for new .gov domains
The USA’s General Services Administration (GSA) will work with modern web browser developers to automatically enforce HTTPS encryption on all newly issued executive branch .gov domains.
The GSA will establish a policy in the Northern Hemisphere’s spring (March to May) to submit newly created .gov domains and their subdomains to modern web browser makers for preloading.
Using this preloading process will ensure browsers will strictly enforce HTTPS for the submitted domains, and users will not be able to click through certificate warnings. The preloading process is expected to take around three months.
Since June 2015, all new federal web services have bean required to support and enforce HTTPS connections over the public internet, and all existing services were migrated by the end of last year.
This new policy takes the HTTPS enforcement a step further. The policy has been limited to modern browsers because it will only affect clients that support HTTP Strict Transport Security (HSTS).
Announcing the change, the GSA said non-secure HTTP connections “lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks.”
Follow us on Twitter and Facebook
New online resource to support employment of ex-service people
The Department of Veterans' Affairs has announced new resources to support the employment of...
Research finds upsides for local governments that look to employ chatbots
Researchers at QUT have studied the use of AI-powered chatbots in the local government sector to...
Speedcast signs extended contract with NT Government
Speedcast has extended and expanded its contract to provide satellite-based communications...
