GDS updates email and service guidelines for tighter security

Written by Rebecca Hill on 1 July 2016 in News
News

The Government Digital Service has updated its guidelines to mandate that services run on secure HTTPS and use HTTP Strict Transport Security by 1 October 2016.

GDS has imposed higher security measures for services and emails - Photo credit: Flickr, Jobs for Felons Hub

The security guidelines for government services were first established in 2012, and have now been updated to set out stricter security measures for services and emails.


Related content

Government Digital Service trials email 'assurance' tool
Millions of Internet Things are 'secured' by same 'private' keys


All government services must run on secure systems – HTTPS – so that all data is encrypted while users are using the service.

In addition they must use HSTS. This tells browsers that a service will only use secure connections and that information should be encrypted.

The service.gov.uk domain will only ever connect to government services via HTTPS from September, meaning that services that are only available over unsecured connections will stop working in modern browsers.

Alongside the updates to services, GDS has published guidance on how to implement secure email practices.

This includes an update to its DMARC - Domain-based Message Authentication, Reporting and Conformance – policy.

Any emails that do not have a DMARC policy set to the highest level, known as p=reject, by 1 October may have their emails rejected by external email providers, GDS said in a blogpost.

It said that, as a temporary measure, if teams can’t change their policy to p=reject, they should publish a record using p=none to override the default policy.

Share this page

Tags

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Royal Navy seeks digital services partner
15 November 2019

Transformation programme looks to appoint supplier to two-year contract worth up to £10m

Wolverhampton councillors appove paperless meetings
6 December 2019

Local authority to use app across the board in bid to save money, decrease environmental impact and improve members’ IT skills

Related Sponsored Articles

Three best-practice measures in the event of a data breach
3 December 2019

To have the best chance of an effective response and a full recovery, organisations should have a robust incident response strategy in place, says BT 

How to take control of your network
26 November 2019

We hear from BT about why delivering a great customer experience depends on your network visibility 

The future of voice: how to successfully transform your legacy voice estate
19 November 2019

Organisations are increasingly having to replace their legacy voice infrastructure as traditional analogue and ISDN lines are being phased out. BT talk about how they can help the transition...

Case Study: Cryptocurrency, connectivity and the cloud
12 November 2019

BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network