Web Content and SSL


This topic contains 4 replies, has 2 voices, and was last updated by Doug Smith 5 years, 10 months ago.

  • #152789

    Josh Folk
    Participant

    Wondering if there’s a rule of thumb for government web content/services in regard to SSL. For example, does logging into a web service (e.g. IdeaScale) require SSL if using a government network? If yes, then does all content need to be transferred via SSL or just log-in?

    I’m assuming that each agency will have its own requirements, but thought a general rule might apply.

    Thanks for any guidance!

  • #152797

    Doug Smith
    Participant

    I have done government websites for Department of Education, NRC, DoD and they ALL required SSL, even a privately generated SSL for communication between the web server and the data server. This is all part of the certification and accreditation process required by NIST and DIACAP. So I would answer yes to your question.

  • #152795

    Josh Folk
    Participant

    Thanks for the feedback Doug!

  • #152793

    Doug Smith
    Participant

    Anytime. If you need any certification and accreditation services let me know.

  • #152791

    Doug Smith
    Participant

    NIST requires all dynamic content to be under an SSL. You’re right that each agency has their own requirements, which to me don’t make sense, as every agency’s IT security should fall under NIST 80-53. I know I even had to generate a private SSL so the web server could communicate with the data server even though they were on the same subnet.
