Dutch government websites must comply with the security.txt standard from 25 May. This is announced by the Digital Trust Center of the National Government.
The mandatory security standard applies to all governments, such as the national government, the provinces, municipalities and water boards. Other organizations in the public sector are urgently advised to apply the standard, the government’s cyber organization Digital Trust Center indicates.
The obligation comes from the Central Government Standardization Forum and is in line with the Government Information Security Baseline (BIO). This guideline prescribes that government organizations must have a procedure for receiving and handling vulnerability reports.
The security.txt file on a web server contains the contact information for making contact if any vulnerabilities are found on that server. The aim is that, for example, ethical hackers can immediately contact the right person or department to tackle the vulnerability.
As a result, vulnerabilities must be resolved more quickly and cybercriminals have less chance.
Also for business
In addition to the government, the Digital Trust Center hopes that the standard will also be adopted by the business community. The standard is already being used to warn businesses more quickly in the event of serious cyber threats. The more companies embrace the standard, the faster communication can go.
The number of Dutch domain names with a security.txt file now stands at more than 88,000.
Read also: RPKI certificates mandatory for all government systems