Website owners must commit to continuously trying to improve security on their website. By applying for a Mitigate-5 Certification, website owners by default agree to this requirement.
Why implement HTTPS
Security is a process, not an event, and the responsible action is to continuously try to apply security controls in line with good industry practices and standards.
Mitigate-5 requires a commitment to continuous improvement for the following core reasons:
Before a continuous improvement process
After buying an SSL Certificate
- Periodically monitor and assess the performance of the improvement process to identify and fix inefficiencies.
- Certificate mismatch – Use a certificate that covers all the domain and sub-domains your website uses, or browsers will show users a warning telling them the website is unsafe (because the certificate doesn’t match the domain it’s assigned).