Summary
To ensure sensitive authentication data is properly protected in line with National Cyber Security Centre (NCSC) and Internet Engineering Task Force (IETF) guidance and best practice, we stated that protective measures will be used to stop all use of deprecated TLS from 1 July 2025.
IT teams need to:
-
update to the latest version of Identity Agent
-
if this is not possible, apply registry settings to legacy versions of Identity Agent
Failure to update could result in authentication issues and service disruption.
Key dates in detail
In line with stopping deprecated TLS, the Care Identity Service (CIS) will begin a phased approach to blocking traffic to its CIS1 Authentication Service where deprecated TLS (1.0 / 1.1) is detected.
This phased blocking period will be:
-
Tuesday 8 July, from 14:00 to 15:00 (1 hour)
-
Mondays 4, 11, and 18 August, from 14:00 to 15:30 (1.5 hours each Monday)
-
Tuesday 26 August, from 14:00 to 15:30 (1.5 hours)
-
Monday 1 September to Monday 29 September, from 14:00 to 16:00 (2 hours each day)
The service will be permanently blocked from Tuesday 30 September at 16:00.
Actions to take
Ahead of these outages you must ensure your organisation is using the latest NHS Identity Agent by identifying and updating machines using older versions.
You may wish to instead follow the advice to disable TLS 1.0 and 1.1 by following this the guidance to update the registry settings of users’ machines.
If you need assistance moving away from TLS 1.0 and 1.1 then please contact us as soon as possible via the following channels:
Tel: 0300 3 035 035
Email: [email protected]
