This repository has been archived by the owner on Feb 3, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
25 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,23 +18,23 @@ <h1>Read guidance</h1> | |
|
|
||
| <ul> | ||
|
|
||
| <li>GCconnex: <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black ">HTTPS Everywhere 2018</a></li> | ||
| <li>GCmessage: <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black ">#HTTPSEverywhere-HTTPSpartout</a></li> | ||
| <li>GCconnex: <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black">HTTPS Everywhere 2018</a></li> | ||
| <li>GCmessage: <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black">#HTTPSEverywhere-HTTPSpartout</a></li> | ||
| </ul> | ||
| </li> | ||
|
|
||
| <li class="mb-6">Perform an inventory of all departmental domains and subdomains. Sources of information include: | ||
|
|
||
| <ul> | ||
|
|
||
| <li>Internally available <a href="https://https-everywhere.canada.ca" class="text-https-blue hover:text-black ">HTTPS Dashboard</a></li> | ||
| <li>Internally available <a href="https://https-everywhere.canada.ca" class="text-https-blue hover:text-black">HTTPS Dashboard</a></li> | ||
| <li>TBS Application Portfolio Management (APM)</li> | ||
| <li>Departmental business units </li> | ||
| </ul> | ||
|
|
||
| </li> | ||
|
|
||
| <li class="mb-6">Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to the following website: <a href="https://canada-ca.github.io/pages/submit-institutional-domains.html" class="text-https-blue hover:text-black ">Submit your institution's domains</a>.</li> | ||
| <li class="mb-6">Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to the following website: <a href="https://canada-ca.github.io/pages/submit-institutional-domains.html" class="text-https-blue hover:text-black">Submit your institution's domains</a>.</li> | ||
| <li class="mb-6">Perform an assessment of the domains and sub-domains to determine the status of the configuration. Tools available to support this activity includes GC HTTPS Dashboard, SSL Labs, Hardenize, etc.</li> | ||
| <li class="mb-6">Develop a prioritized implementation schedule for each of the affected websites and web services, following the recommended prioritization approach in the ITPIN: | ||
|
|
||
|
|
@@ -56,7 +56,7 @@ <h1>Read guidance</h1> | |
|
|
||
| </li> | ||
|
|
||
| <li class="mb-6">Based on the assessment, and using the <a href="https://www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black ">guidance available on GCpedia</a>, the following activities may be required: | ||
| <li class="mb-6">Based on the assessment, and using the <a href="https://www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black">guidance available on GCpedia</a>, the following activities may be required: | ||
| <ul> | ||
|
|
||
| <li>Obtain certificates from a GC-approved certificate source as outlined in the Recommendations for TLS Server Certificates for GC Public Facing Web Services</li> | ||
|
|
@@ -71,7 +71,7 @@ <h1>Read guidance</h1> | |
| </li> | ||
| </ol> | ||
| <br/> | ||
| <p>For any questions or concerns related to the ITPIN and related implementation guidance, contact TBS Cybersecurity (<a href="mailto:[email protected]" class="text-https-blue hover:text-black ">[email protected]</a>).</p> | ||
| <p>For any questions or concerns related to the ITPIN and related implementation guidance, contact TBS Cybersecurity (<a href="mailto:[email protected]" class="text-https-blue hover:text-black">[email protected]</a>).</p> | ||
| </div> | ||
| </section> | ||
| {% endblock %} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,11 +10,11 @@ | |
| <div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6"> | ||
| <h1>Get help</h1> | ||
| <h2 class=" mb-4">General public</h2> | ||
| <p>For interpretation of any aspect of <a class="text-https-blue hover:text-black " href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">Implementing HTTPS for Secure Web Connections: Information Technology Policy Implementation Notice (ITPIN)</a>, contact Treasury Board of Canada Secretariat through Public Enquiries.</p> | ||
| <p>For interpretation of any aspect of <a class="text-https-blue hover:text-black" href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">Implementing HTTPS for Secure Web Connections: Information Technology Policy Implementation Notice (ITPIN)</a>, contact Treasury Board of Canada Secretariat through Public Enquiries.</p> | ||
| <h2 class=" mt-4 mb-4">Government of Canada employees</h2> | ||
| <p>Individuals at departments should contact their departmental information technology group for any questions regarding this <abbr title="Information Technology Policy Implementation Notice">ITPIN</abbr>. Individuals can also join the <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018?language=en" class="text-https-blue hover:text-black ">HTTPS Everywhere group on GCconnex</a>, or the #HTTPSEverywhere channel on <a href="https://message.gccollab.ca/" class="text-https-blue hover:text-black ">GCcollab Message</a>.</p> | ||
| <p>Individuals from a departmental information technology group may contact the <a href="mailto:[email protected]" class="text-https-blue hover:text-black ">TBS Cyber Security mailbox</a> for interpretations of this <abbr title="Information Technology Policy Implementation Notice">ITPIN</abbr>.</p> | ||
| <p class="mb-8">Individuals with questions about the accuracy of their domain’s compliance data may contact the <a href="mailto:[email protected]" class="text-https-blue hover:text-black ">TBS Cyber Security mailbox</a>. Note that compliance data does not automatically refresh. If you modified your domain recently, there may be a delay before your domain’s information updates.</p> | ||
| <p>Individuals at departments should contact their departmental information technology group for any questions regarding this <abbr title="Information Technology Policy Implementation Notice">ITPIN</abbr>. Individuals can also join the <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018?language=en" class="text-https-blue hover:text-black">HTTPS Everywhere group on GCconnex</a>, or the #HTTPSEverywhere channel on <a href="https://message.gccollab.ca/" class="text-https-blue hover:text-black">GCcollab Message</a>.</p> | ||
| <p>Individuals from a departmental information technology group may contact the <a href="mailto:[email protected]" class="text-https-blue hover:text-black">TBS Cyber Security mailbox</a> for interpretations of this <abbr title="Information Technology Policy Implementation Notice">ITPIN</abbr>.</p> | ||
| <p class="mb-8">Individuals with questions about the accuracy of their domain’s compliance data may contact the <a href="mailto:[email protected]" class="text-https-blue hover:text-black">TBS Cyber Security mailbox</a>. Note that compliance data does not automatically refresh. If you modified your domain recently, there may be a delay before your domain’s information updates.</p> | ||
| </div> | ||
|
|
||
| </section> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,23 +18,23 @@ <h1>Lires les directives</h1> | |
|
|
||
| <ul> | ||
|
|
||
| <li>GCconnex : <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black ">HTTPS partout dans le GC 2018</a></li> | ||
| <li>GCmessage : <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black ">#HTTPSEverywhere-HTTPSpartout</a></li> | ||
| <li>GCconnex : <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black">HTTPS partout dans le GC 2018</a></li> | ||
| <li>GCmessage : <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black">#HTTPSEverywhere-HTTPSpartout</a></li> | ||
| </ul> | ||
| </li> | ||
|
|
||
| <li class="mb-6">Effectuer un inventaire de tous les domaines et les sous-domaines ministériels. Les sources d’information comprennent les suivantes : | ||
|
|
||
| <ul> | ||
|
|
||
| <li><a href="https://https-partout.canada.ca" class="text-https-blue hover:text-black ">Tableau de bord HTTPS</a> disponible à l’interne</li> | ||
| <li><a href="https://https-partout.canada.ca" class="text-https-blue hover:text-black">Tableau de bord HTTPS</a> disponible à l’interne</li> | ||
| <li>Gestion du portefeuille d’applications (GPA) du SCT</li> | ||
| <li>Unités opérationnelles ministérielles</li> | ||
| </ul> | ||
|
|
||
| </li> | ||
|
|
||
| <li class="mb-6">Fournir une liste à jour de tous les domaines et les sous-domaines des sites Web et des services Web publiquement accessibles au site Web suivant : <a href="https://canada-ca.github.io/pages/soumettre-domaines-institutionnels.html" class="text-https-blue hover:text-black ">Soumettez vos noms de domaine institutionnels</a>.</li> | ||
| <li class="mb-6">Fournir une liste à jour de tous les domaines et les sous-domaines des sites Web et des services Web publiquement accessibles au site Web suivant : <a href="https://canada-ca.github.io/pages/soumettre-domaines-institutionnels.html" class="text-https-blue hover:text-black">Soumettez vos noms de domaine institutionnels</a>.</li> | ||
| <li class="mb-6">Effectuer une évaluation des domaines et des sous-domaines afin de déterminer l’état de la configuration. Les outils disponibles afin d’appuyer cette activité comprennent le tableau de bord HTTPS du gouvernement du Canada (GC), SSL Labs et Hardenize, entre autres.</li> | ||
| <li class="mb-6"> Élaborer un calendrier de mise en œuvre priorisé pour chacun des sites Web et des services Web touchés en suivant l’approche de priorisation recommandée dans l’Avis de mise en œuvre de la Politique sur la technologie de l’information (AMPTI) : | ||
|
|
||
|
|
@@ -55,7 +55,7 @@ <h1>Lires les directives</h1> | |
|
|
||
| </li> | ||
|
|
||
| <li class="mb-6">Selon l’évaluation, et au moyen des <a href="www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black ">conseils disponibles sur GCpédia</a>, les activités suivantes pourraient être requises : | ||
| <li class="mb-6">Selon l’évaluation, et au moyen des <a href="www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black">conseils disponibles sur GCpédia</a>, les activités suivantes pourraient être requises : | ||
| <ul> | ||
|
|
||
| <li>Obtenir les certificats d’une source de certificat approuvée par le GC, comme l’indiquent les recommandations concernant les certificats de serveur TLS pour les services Web publics du GC.</li> | ||
|
|
@@ -70,7 +70,7 @@ <h1>Lires les directives</h1> | |
| </li> | ||
| </ol> | ||
| <br/> | ||
| <p>Pour toute question ou préoccupation concernant cet AMPTI et les conseils connexes concernant la mise en œuvre, veuillez communiquer avec l’unité de la Cybersécurité du SCT (<a href="mailto:[email protected]" class="text-https-blue hover:text-black ">[email protected])</a>.</p> | ||
| <p>Pour toute question ou préoccupation concernant cet AMPTI et les conseils connexes concernant la mise en œuvre, veuillez communiquer avec l’unité de la Cybersécurité du SCT (<a href="mailto:[email protected]" class="text-https-blue hover:text-black">[email protected])</a>.</p> | ||
| </div> | ||
| </section> | ||
| {% endblock %} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,10 +10,10 @@ | |
| <div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6"> | ||
| <h1>Obtenir de l’aide</h1> | ||
| <h2 class=" mb-4">Grand public</h2> | ||
| <p>Pour des explications concernant tout aspect de l’application de <a class="text-https-blue hover:text-black " href="https://www.canada.ca/fr/secretariat-conseil-tresor/services/technologie-information/avis-mise-oeuvre-politique/mise-oeuvre-https-connexions-web-securisees-ampti.html">l’Avis de mise en œuvre de la Politique sur la technologie de l’information (AMPTI) : Mise en œuvre de HTTPS pour les connexions Web sécurisées</a>, veuillez communiquer avec le Secrétariat du Conseil du Trésor du Canada par l’entremise des Renseignements au public.</p> | ||
| <p>Pour des explications concernant tout aspect de l’application de <a class="text-https-blue hover:text-black" href="https://www.canada.ca/fr/secretariat-conseil-tresor/services/technologie-information/avis-mise-oeuvre-politique/mise-oeuvre-https-connexions-web-securisees-ampti.html">l’Avis de mise en œuvre de la Politique sur la technologie de l’information (AMPTI) : Mise en œuvre de HTTPS pour les connexions Web sécurisées</a>, veuillez communiquer avec le Secrétariat du Conseil du Trésor du Canada par l’entremise des Renseignements au public.</p> | ||
| <h2 class=" mb-4 mt-4">Employés du gouvernement du Canada</h2> | ||
| <p>Les fonctionnaires des ministères devraient communiquer avec leur groupe de technologies de l’information respectif pour toute question relative à cet <abbr title="Avis de mise en œuvre de la Politique sur la technologie de l’information">AMPTI</abbr>. Ils peuvent aussi se joindre au groupe <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018?language=en" class="text-https-blue hover:text-black "><span lang="en">HTTPS Everywhere</span></a> sur GCconnex ou à la chaîne #<span lang="en">HTTPSEverywhere</span> sur <a href="https://message.gccollab.ca/" class="text-https-blue hover:text-black ">GCcollab</a>.</p> | ||
| <p>Les membres d’un groupe de technologies de l’information d’un ministère peuvent envoyer un courriel à la <a href="mailto:[email protected]" class="text-https-blue hover:text-black ">Cybersécurité du SCT</a> pour obtenir des explications concernant cet <abbr title="Avis de mise en œuvre de la Politique sur la technologie de l’information">AMPTI</abbr>.</p> | ||
| <p>Les fonctionnaires des ministères devraient communiquer avec leur groupe de technologies de l’information respectif pour toute question relative à cet <abbr title="Avis de mise en œuvre de la Politique sur la technologie de l’information">AMPTI</abbr>. Ils peuvent aussi se joindre au groupe <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018?language=en" class="text-https-blue hover:text-black"><span lang="en">HTTPS Everywhere</span></a> sur GCconnex ou à la chaîne #<span lang="en">HTTPSEverywhere</span> sur <a href="https://message.gccollab.ca/" class="text-https-blue hover:text-black">GCcollab</a>.</p> | ||
| <p>Les membres d’un groupe de technologies de l’information d’un ministère peuvent envoyer un courriel à la <a href="mailto:[email protected]" class="text-https-blue hover:text-black">Cybersécurité du SCT</a> pour obtenir des explications concernant cet <abbr title="Avis de mise en œuvre de la Politique sur la technologie de l’information">AMPTI</abbr>.</p> | ||
| <p class="mb-8">Les personnes qui ont des questions au sujet de l’exactitude des données sur la conformité de leur domaine peuvent communiquer par courriel avec la <a href="mailto:[email protected]" class="text-https-blue hover:text-black ">Cybersécurité du SCT</a>. Veuillez noter que les données de conformité ne s’actualisent pas automatiquement. Si vous avez modifié votre domaine récemment, il se peut que ses informations ne soient pas encore mises à jour.</p> | ||
| </div> | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| <div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6"> | ||
| <h1 class="text-4xl sm:text-5xl">Check compliance</h1> | ||
| <h2 class="mb-4 sm:mb-6 text-xl sm:text-2xl">Last updated {{ scan_date | display_date("en") }}</h2> | ||
| <p class="text-lg mb-6">This dashboard reports how federal government websites and web services are meeting good web security practices, as outlined in <a class="text-https-blue hover:text-black " href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">Information Technology Policy Implementation Notice (ITPIN): Implementing HTTPS for Secure Web Connections</a>.</p> | ||
| <p class="text-lg mb-6">This dashboard reports how federal government websites and web services are meeting good web security practices, as outlined in <a class="text-https-blue hover:text-black" href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">Information Technology Policy Implementation Notice (ITPIN): Implementing HTTPS for Secure Web Connections</a>.</p> | ||
| <p class="text-lg mb-8"><a id="modal-btn" class="text-https-blue hover:text-black" href="#">How do I read this table?</a></p> | ||
| </div> | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.