In June I blogged about work we were doing to update our security guidelines for government digital services.
I’ve just published an update on the progress of that work, and some of the impact it has already had to improve the security of government services.
All new government digital services must now:
- run on a secure HTTPS connections and use HTTP Strict Transport Security (HSTS)
- have published a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy