I’ve recently published an announcement on the Government Technology Blog about changes we’re making to the rules around operating government digital services to improve security.
There’s an extract below, and more detail on the blog.
We’ll be making 2 important updates to the guidelines that will take effect from 1 October 2016. If you run a service on service.gov.uk, you’ll need to be aware of these.
From the beginning of October, your service will need to make sure it:
- runs on secure HTTPS connections and uses HSTS
- has published a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy
If you’re a service manager, you’ll need to speak with your technical team to make sure your service is fully compliant by the October deadline.