GDS updates email and service guidelines for tighter security

Written by Rebecca Hill on 1 July 2016 in News
News

The Government Digital Service has updated its guidelines to mandate that services run on secure HTTPS and use HTTP Strict Transport Security by 1 October 2016.

GDS has imposed higher security measures for services and emails - Photo credit: Flickr, Jobs for Felons Hub

The security guidelines for government services were first established in 2012, and have now been updated to set out stricter security measures for services and emails.


Related content

Government Digital Service trials email 'assurance' tool
Millions of Internet Things are 'secured' by same 'private' keys


All government services must run on secure systems – HTTPS – so that all data is encrypted while users are using the service.

In addition they must use HSTS. This tells browsers that a service will only use secure connections and that information should be encrypted.

The service.gov.uk domain will only ever connect to government services via HTTPS from September, meaning that services that are only available over unsecured connections will stop working in modern browsers.

Alongside the updates to services, GDS has published guidance on how to implement secure email practices.

This includes an update to its DMARC - Domain-based Message Authentication, Reporting and Conformance – policy.

Any emails that do not have a DMARC policy set to the highest level, known as p=reject, by 1 October may have their emails rejected by external email providers, GDS said in a blogpost.

It said that, as a temporary measure, if teams can’t change their policy to p=reject, they should publish a record using p=none to override the default policy.

Share this page

Tags

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Will the government’s latest shared services strategy deliver delight or despair to Whitehall?
4 April 2018

Former senior civil servant Andrew Greenway looks at the reasons for both optimism and scepticism as the government embarks on another shared-services rollout

IR35 reforms have had ‘little impact on projects or vacancy-filling’, says HMRC
19 May 2018

Changes to the legislation made last year – which had been expected to have a big impact on IT contractors – have also brought in £410m in extra revenue, the tax agency claims

Home Office to revamp communications infrastructure
14 May 2018

Department issues contract notice seeking external supplier for two-year contract to install unified communications environment

Related Sponsored Articles

Building trust in the digital age
15 May 2018

BT argues that the digital age requires a certain level of trust in technology. But how can we establish this and still make the most of digital transformation?

GDPR compliance as a detox exercise
8 May 2018

BT's Mike Pannell argues that organisations should get rid of data they no longer need

The Grief of GDPR Compliance
23 April 2018

Sean Luke, BT's CIO for the Universities Sector, on the strange parallels between GDPR readiness and grief