Hard News Hard Hitting News Source Global Political News

Germany to mandate minimum security standards for web browsers in government

Germany is mandating the use of secure, modern web browsers across government networks with a proposal for minimum standards currently open to consultation.

The Federal Office for Information Security (BSI) released a draft set of minimum standards in July. The agency hopes that the standards will bolster governmental cyber-resilience and better protect sensitive data. Leading browsers incorporate multiple features that block or mitigate a variety of common web-based attacks.

The proposed standard covers both desktop and mobile browsers, whereas previous security guidance only applied to desktop browsers on government PCs and workstations.

Following the consultation, the BSI expects the minimum standard to be mandated across government systems. The move will bar federal employees from using non-compliant browsers, such as the now-deprecated Internet Explorer, on government business.

Most of the security and privacy technologies prescribed by the BSI are already available in modern browsers. These include support for certificates conforming to the X.509 standard, encrypted connections to the server, and support for HSTS (HTTP Strict Transport Security).

Browsers also need to support a mechanism for automatic updates, with updates only carried out if an integrity check is successful. And they must implement a same-origin policy (SOP), so that documents and scripts cannot access resources, such as text and graphics, from other websites.

‘Very encouraging’

“The minimum standards being put forward by the BSI are very encouraging,” Simon Backwell, information security manager at Benefex and a member of the ISACA Emerging Trends Working Group, told The Daily Swig.

“Many of these standards are already what companies look for in software, so to extend them to browsers too ensures that organizations, especially government agencies or private sector companies within Germany, consider all aspects of their working environments. Most, if not all, modern browsers meet the standards, so there should be limited impact for organizations running these.”

And, as many browsers are based on the same core code – from Google’s open source Chromium project – government agencies will find it easy to comply.

“All modern browsers are already very secure (ignoring privacy), with most of them sharing the exact same engine and therefore sharing the same security features and encryption capabilities,” Tarquin Wilton Jones, a developer and security expert at browser company Vivaldi, told The Daily Swig.

“In general, browsers have been at the forefront of making secure connections, and implementing security features such as sandboxing.”

The move is, he added, aimed more at improving security in government IT than at changing the way browsers are designed. However, he cautioned that some browsers do not allow users to turn off telemetry or vendor tracking data, which could cause compliance issues.

Interested parties in Germany have until 19 August to respond to the consultation.

Source: https://portswigger.net/daily-swig/germany-to-mandate-minimum-security-standards-for-web-browsers-in-government
