COMPARING TLS AND CERTIFICATE CONFIGURATIONS OF GOVERNMENT AND NON-GOVERNMENT WEBSITES

Loading...
Thumbnail Image
Authors
Glade, Thomas L.
Subjects
transport layer security
cybersecurity
TLS
public key infrastructure
PKI
certificate
web security
HTTPS
asymmetric encryption
hypertext transfer protocol strict transport security
Advisors
Kroll, Joshua A.
Date of Issue
2024-06
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This thesis seeks to identify the extent to which government has been successful in implementing security policy pertaining to TLS. Current accountability mechanisms mandate government organizations to formulate their internal cybersecurity policy in consultation with federal guidelines. However, internal leadership retains the authority to weigh and accept risks. This study measures adherence by government domains relative to a baseline of private domains not subject to policy mandate. We utilize a list of registered federal government domains and a sample of private sector domains sourced from the Alexa top one thousand and the Forbes Fortune 500 list. We scan and compare these samples for their adherence to the provisions of four government technical standards. We find that mandates to consult guidance are an effective strategy to drive conformance in some cases. While government entities subject to mandates are significantly more likely to implement relatively simple configuration changes, there remain gaps wherein guidelines are not being implemented. In such cases, government cybersecurity configurations closely resemble those of the private sector domains tested. We conclude by examining the possibility of other forces driving configuration decisions. This study aims to better understand the gaps between policy as written and policy as implemented and to explore the effectiveness of government mandates and other possible factors influencing security outcomes.
Type
Thesis
Description
Series/Report No
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Distribution Statement A. Approved for public release: Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections