Table of contents

Maintained by Default

We believe that technology should be Maintained by Default, particularly in relation to security.

h/t https://www.ncsc.gov.uk/articles/secure-default

Good technical maintenance is security maintenance

Technical maintenance isn’t just about patching or upgrades (but they often play a large and important part of maintenance) but more of refreshing designs, methods and approaches to leverage new technologies to increase quality, speed and performance and reducing costs.

Good technical maintenance (including patching and upgrades) includes security benefits whether that is patching a known security issue through to implementing newer cryptography methods that both benefit security but also reduce computational effort or enhance user privacy.

Good technical maintenance (just like other release or change paths) should include an appropriate amount of testing (outside of production) to understand any negative consequences of changes.

Commodity technical maintenance

The Ministry of Justice (MoJ) expect technology systems to be maintained to ensure the commodity functional elements do not become end of life, or cease function as a result.

Examples include:

  • [automated] certificate renewals

  • upgrading of hashing methods to implement new standards once they become commonly accepted best practices

  • upgrading from SSL v3 to TLS, and from TLS1.[0/1] to TLS1.2, ultimately into TLS1.3 (and beyond)

Contact and Feedback

For any further questions or advice relating to security, or for any feedback or suggestions for improvement, contact: security@justice.gov.uk.