From 9f65946dd1d46b957900087acaca49c9f361a8f1 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 26 Apr 2021 11:13:18 -0400 Subject: [PATCH 1/2] Bump version from 1.1.13 to 1.1.14 --- version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.txt b/version.txt index 9ea63db..e9bc149 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -1.1.13 +1.1.14 From 523e9cf451f56fdf683149898bd8eabbd4f9400d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 26 Apr 2021 11:15:59 -0400 Subject: [PATCH 2/2] Update current-federal.csv URL @h-m-f-t officially moved current-federal.csv to cisagov/dotgov-data this morning. --- report/https_scan_report.mustache | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/report/https_scan_report.mustache b/report/https_scan_report.mustache index 577b029..2cb7a51 100644 --- a/report/https_scan_report.mustache +++ b/report/https_scan_report.mustache 
@@ -366,7 +366,7 @@ This weekly report, created by the \href{https://www.cisa.gov/}{Cybersecurity an \subsection*{Overview} \vspace*{-3mm} \raggedright -We measure the presence and enforcement of HTTPS for your agency's publicly-accessible .gov domains. \textbf{This report includes all agency-registered \href{https://github.com/GSA/data/blob/master/dotgov-domains/current-federal.csv}{second-level .gov domains} and known subdomains}, collectively referred to as ``hostnames" in this document (see the \hyperref[app:methodology]{\color{dhs-blue}{Methodology}} section for a description of how these hostnames are collected). Hostnames which do nothing but redirect to other websites \textit{are} measured. Hostnames that did not respond to HTTP/HTTPS requests are considered `non-web' and are removed from the compliance figures below. +We measure the presence and enforcement of HTTPS for your agency's publicly-accessible .gov domains. \textbf{This report includes all agency-registered \href{https://github.com/cisagov/dotgov-data/blob/main/current-federal.csv}{second-level .gov domains} and known subdomains}, collectively referred to as ``hostnames" in this document (see the \hyperref[app:methodology]{\color{dhs-blue}{Methodology}} section for a description of how these hostnames are collected). Hostnames which do nothing but redirect to other websites \textit{are} measured. Hostnames that did not respond to HTTP/HTTPS requests are considered `non-web' and are removed from the compliance figures below. <<&agency>> owns \numprint{<>} second-level .gov domains and CISA discovered \numprint{<>} subdomains. Of these, \textbf{\numprint{<>} hostnames responded to HTTP/HTTPS requests over the public Internet:} \begin{itemize}[topsep=-6pt, itemsep=0pt] 
@@ -685,7 +685,7 @@ Each domain and subdomain is assessed on four ``endpoints":\\ \item \textbf{http://\hspace{5em}}2. \textbf{http://www\hspace{5em}}3. \textbf{https://\hspace{5em}}4. \textbf{https://www} \end{enumerate} \vspace*{2mm} -Data from these endpoints is used to characterize the overall behavior of a hostname. These measurements are performed using \texttt{pshtt}, our \href{https://github.com/cisagov/pshtt}{open source HTTPS scanner}. All owned \href{https://github.com/GSA/data/blob/master/dotgov-domains/current-federal.csv}{.gov domains} and known subdomains are included. Subdomains are gathered from the following sources: +Data from these endpoints is used to characterize the overall behavior of a hostname. These measurements are performed using \texttt{pshtt}, our \href{https://github.com/cisagov/pshtt}{open source HTTPS scanner}. All owned \href{https://github.com/cisagov/dotgov-data/blob/main/current-federal.csv}{.gov domains} and known subdomains are included. Subdomains are gathered from the following sources: \begin{itemize}[topsep=-6pt, itemsep=0pt] \item General Services Administration's Digital Analytics Program (DAP), which nightly publishes a \href{https://analytics.usa.gov/data/live/sites-extended.csv}{dataset of federal hostnames} for which the DAP observed at least one recorded visit in the previous 14 days. \item \href{https://censys.io}{Censys} is used to query the `Common Name' field and `Subject Alternative Name' extension on X.509 certificates found on Federal .gov sites, derived from scans of the IPv4 space and from certificates submitted to public Certificate Transparency logs.
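Review bot: The hunk at line 366 of report/https_scan_report.mustache (Overview) hard-codes the same literal URL, https://github.com/cisagov/dotgov-data/blob/main/current-federal.csv, that the hunk at line 685 also hard-codes, so every relocation of the file needs two edits kept in sync, as it did here. Consider defining the link target once in the template preamble as a LaTeX macro and using that macro in both \href calls, so the next move is a one-line change.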
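Review bot: In the hunk at line 685 (Methodology), the sentence "All owned .gov domains and known subdomains are included" now links to a blob/main path, which is a branch reference: a reader following the link from an older weekly report sees the list as it stands today, not the list that was scanned for that report. If that distinction matters to recipients, say in the sentence that the link shows the current list. Separately, the diffstat for PATCH 2/2 shows only the report template changing; if anything else in the repository still refers to the old GSA/data/blob/master/dotgov-domains path, it needs the same update, so a search for "GSA/data" before merging would confirm nothing was missed.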