
Commit

Added TLS changes to align with BCP 195 and FAPI 2.0. Addresses issue:
markverstege committed Sep 20, 2024
1 parent db35c06 commit d721c8e
Showing 5 changed files with 24 additions and 6 deletions.
Expand Up @@ -32,7 +32,7 @@ These dates may be subject to change depending upon new or changed legislative a
| **Y24 #3** | 2024-07-01 | 1 |
| **Y24 #4** | 2024-09-09 | 3 |
| **Y24 #5** | 2024-11-11 | 2 |
| **Y25 #1** | 2025-03-17 | 0 |
| **Y25 #1** | 2025-03-17 | 1 |
| **Y25 #2** | 2025-05-12 | 0 |
| **Y25 #3** | 2025-07-14 | 0 |
| **Y25 #4** | 2025-09-08 | 0 |
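Review bot: the only change in this hunk is the Y25 #1 count moving from 0 to 1, which matches the single 2025-03-17 obligation this commit adds to the future-dated obligations table (BCP 195 ciphers); the 2025-03-17 date already in the row agrees with the "March 17th 2025" date used in the other changed files, so nothing else in this table needs to move.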
1 change: 1 addition & 0 deletions slate/source/includes/introduction/_fdo.md
Expand Up @@ -28,3 +28,4 @@ The table below highlights these areas of the standards.
|[Get Billing For Specific Accounts](#cdr-energy-api_get-billing-for-specific-accounts)|Data Holders **MAY** retire v2 of this endpoint by **September 9th 2024** if they implement v3| September 9th 2024 |
|[Get Generic Plan Detail](#cdr-energy-api_get-generic-plan-detail)|<ul><li>Data Holders **MUST** implement v3 of this endpoint by **November 11th 2024**</li><li>Data Holder **MAY** retire v2 of this endpoint by **March 3rd 2025**</li></ul>| November 11th 2024 |
|[Get Energy Account Detail](#cdr-energy-api_get-energy-account-detail)|<ul><li>Data Holders **MUST** implement v4 of this endpoint by **November 11th 2024**</li><li>Data Holder **MAY** retire v3 of this endpoint by **March 3rd 2025**</li></ul>| November 11th 2024 |
|[Transaction Security Ciphers](#transaction-security)|Data Holders and Data Recipients **MUST** support BCP 195 recommended ciphers for TLS by **March 17th 2025**| March 17th 2025 |
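Review bot: the obligation wording in the new row does not match the normative text it links to. The row says Data Holders and Data Recipients "MUST support BCP 195 recommended ciphers", which reads as a requirement to offer those suites, whereas the Ciphers section states a restriction ("only cipher suites recommended in BCP 195 SHALL be permitted"). Suggest "Data Holders and Data Recipients **MUST** only permit cipher suites recommended in BCP 195 by **March 17th 2025**" so the summary table cannot be read as a broader obligation than the section it summarises.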
7 changes: 5 additions & 2 deletions slate/source/includes/introduction/_references.md
@@ -1,9 +1,13 @@
## Normative References


```diff
+ Added BCP195 to the list of normative references
- Removed BCP195 from the list of informative references
```

| **Reference** | **Description** | **Version** |
|-|-|-|
| <a id="nref-BCP195"></a>**[BCP195]** | Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS): <https://tools.ietf.org/html/bcp195> | |
| <a id="nref-DCR"></a>**[DCR]** | OAuth 2.0 Dynamic Client Registration Protocol: <https://datatracker.ietf.org/doc/html/rfc7591>|July 2015
| <a id="nref-FAPI-1-0-Baseline"></a>**[FAPI-1.0-Baseline]** | Financial-grade API Security Profile 1.0 - Part 1: Baseline: <https://openid.net/specs/openid-financial-api-part-1-1_0.html> | March 2021
| <a id="nref-FAPI-1-0-Advanced"></a>**[FAPI-1.0-Advanced]** | Financial-grade API Security Profile 1.0 - Part 2: Advanced: <https://openid.net/specs/openid-financial-api-part-2-1_0.html> | March 2021
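Review bot: the new normative entry leaves the Version column empty while the neighbouring rows date their references, and its URL uses the legacy tools.ietf.org host where the DCR row already uses datatracker.ietf.org. BCP 195 is a living BCP (at the time of this commit it comprises RFC 8996 and RFC 9325, November 2022), so the cipher set that the March 2025 obligation depends on is undefined unless the Version column says which revision is meant (or states that the current version applies); consider also linking <https://datatracker.ietf.org/doc/bcp195/> for consistency with the other entries.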
Expand Down Expand Up @@ -43,7 +47,6 @@
| <a id="iref-ACCC"></a>**[ACCC]** | The Australian Competition and Consumer Commission is responsible for accrediting data recipients to participate in CDR, building and maintaining the Register of data recipients and data holders, providing support and guidance to participants and promoting compliance with the CDR rules and standards, including taking enforcement action where necessary.<br/><https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0> |
| <a id="iref-ANZSCO"></a>**[ANZSCO]** | ANZSCO - Australian and New Zealand Standard Classification of Occupations : <http://www.abs.gov.au/ANZSCO> |
| <a id="iref-ANZSIC-2006"></a>**[ANZSIC-2006]** | 1292.0 - Australian and New Zealand Standard Industrial Classification (ANZSIC), 2006 (Revision 2.0) : <http://www.abs.gov.au/anzsic> |
| <a id="iref-BCP195"></a>**[BCP195]** | Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS): <https://tools.ietf.org/html/bcp195> |
| <a id="iref-CDR"></a>**[CDR]** | Consumer Data Right: <https://www.cdr.gov.au>|
| <a id="iref-E-164"></a>**[E.164]** | The international public telecommunication numbering plan: <http://www.itu.int/rec/T-REC-E.164-201011-I/en> |
| <a id="iref-FAPI"></a>**[FAPI]** | Financial-Grade API - Home Page <https://openid.net/wg/fapi/>|
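Review bot: removing the `iref-BCP195` anchor breaks any remaining `#iref-BCP195` links elsewhere in the standards. The new text in _transport_security.md correctly links `#nref-BCP195`, but a repository-wide search for `iref-BCP195` before merge would confirm that no older section still points at the informative entry.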
Expand Up @@ -21,7 +21,7 @@ This release addresses the following minor defects raised on [Standards Staging]

This release addresses the following change requests raised on [Standards Maintenance](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues):

- [Standards Maintenance #XXX - Title](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/XXX)
- [Standards Maintenance #648 - Adopt BCP 195 for TLS ciphers](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/648)


### Decision Proposals
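Review bot: the issue link here is the plain issue URL, while the Information Security Profile table in the same release note links the same issue with an `#issue-2383325264` fragment; use one form in both places (the plain URL is the stable one).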
Expand Down Expand Up @@ -56,7 +56,7 @@ This release addresses the following Decision Proposals published on [Standards]
## Information Security Profile
|Change|Description|Link|
|------|-----------|----|

| Adopt BCP195 for supported ciphers | Update TLS Cipher requirements to align to FAPI 2.0 and adoption of BCP 195. Addresses [issue 648](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/648#issue-2383325264). | [Security Profile -> Transaction Security -> Ciphers](../../#transaction-security)|

## Register Standards
|Change|Description|Link|
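Review bot: the blank line between the `|------|-----------|----|` separator and the new "Adopt BCP195 for supported ciphers" row terminates the GFM table, so the new row will render as a paragraph of pipe-separated text rather than as a table row; delete that blank line so the row sits directly under the separator.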
16 changes: 15 additions & 1 deletion slate/source/includes/security/_transport_security.md
Expand Up @@ -26,6 +26,15 @@ OAUTB SHALL NOT be supported due to a lack industry support.

### Ciphers


```diff
Obligation change from March 17th 2025:
- Removed specific named ciphers
+ Adopted BCP 195
```

**Until March 17th 2025, the following SHALL requirements apply:**

Only the following cipher suites SHALL be permitted in accordance with [section 8.5](https://openid.net/specs/openid-financial-api-part-2-1_0.html#tls-considerations) of **[[FAPI-1.0-Advanced]](#nref-FAPI-1-0-Advanced)**:

- TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256
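Review bot: the two period headers phrase the same thing differently ("the following SHALL requirements apply" here versus "the following requirements SHALL apply" in the later hunk), and because both "Until March 17th 2025" and "From March 17th 2025" include the boundary day, both sets of requirements nominally apply on 17 March 2025 itself. Suggest "**Before March 17th 2025, the following requirements SHALL apply:**" here, keeping "From March 17th 2025" for the new text, so the two periods are disjoint and worded alike.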
Expand All @@ -34,4 +43,9 @@ Only the following cipher suites SHALL be permitted in accordance with [section
The following cipher suites **SHOULD NOT** be supported:

- TLS\_DHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256
- TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384
- TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384

**From March 17th 2025, the following requirements SHALL apply:**

In addition to [section 8.5](https://openid.net/specs/openid-financial-api-part-2-1_0.html#tls-considerations) of **[[FAPI-1.0-Advanced]](#nref-FAPI-1-0-Advanced)** only cipher suites recommended in **[[BCP 195]](#nref-BCP195)** **SHALL** be permitted.
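Review bot: the new requirement silently changes the status of the DHE suites. Until March 17th 2025 the two `TLS_DHE_RSA_*` suites listed above SHOULD NOT be supported, but from that date the text permits whatever is both allowed by FAPI 1.0 Advanced section 8.5 and recommended in BCP 195, and BCP 195 (RFC 9325) does recommend those DHE suites with adequately sized groups; state explicitly whether the SHOULD NOT guidance is retired or carried forward. Two smaller points: the citation reads `[BCP 195]` while the reference table labels it `[BCP195]`, so the bracketed text should match the table label; and the repeated `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` line looks like an end-of-file newline change only, which is harmless but worth confirming is not an accidental duplicate bullet.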

0 comments on commit d721c8e
