Tech

Government moves to HTTPS standard for its public sites

U.S. CIO Tony Scott announced Monday that all publicly accessible Federal websites and web services only provide service through a secure HTTPS connection.

By Greg Otto

June 9, 2015

Over the next year and a half, government websites will become a bit more secure.

The White House’s Office of Management and Budget issued a memorandum Monday to secure all connections to publicly accessible federal websites through the HTTPS standard.

“Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted federal websites and services,” federal CIO Tony Scott wrote in a White House blog post. “This data can include browser identity, website content, search terms, and other user-submitted information. To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services. Today’s action will deliver that same protection to users of federal websites and services.”

All sites are required to be HTTPS-only by Dec. 31, 2016, with OMB pushing for existing sites that hold personally identifiable information, or PII, to “prioritize deployment.” To facilitate this change, a guide posted at https.cio.gov will help agencies with the technical and financial challenges associated with the shift.

“OMB affirms that tangible benefits to the American public outweigh the cost to the taxpayer,” the memorandum reads. “Even a small number of unofficial or malicious websites claiming to be federal services, or a small amount of eavesdropping on communication with official U.S. government sites could result in substantial losses to citizens.”

The official directive comes after a draft standard was released in March, which saw comments from organizations like the Internet Architecture Board, Electronic Frontier Foundation and the American Civil Liberties Union, along with tech companies Google and Mozilla. Those two companies have announced in the past months that HTTP-only traffic will be phased out over the coming months.

The General Services Administration’s 18F office, which now monitors what federal websites are HTTPS-ready, wrote in a blog post that it is an “enthusiastic supporter of the initiative.”

“As we’ve said before, every .gov website, no matter how small, should give its visitors a secure, private connection,” the post read. “We’re thrilled to see HTTPS become the new baseline for federal web services.”

Government moves to HTTPS standard for its public sites

More Like This

OSTP director renews calls for more NAIRR, AI R&D funding

Alondra Nelson among Biden’s selections for National Science Board

The federal government wants to teach workers about AI prompt engineering

Top Stories

EPA CIO Vaughn Noga details slew of new modernization efforts underway

Federal data, security leaders release zero-trust guide ahead of White House deadline

OpenAI further expands its generative AI work with the federal government

USAID updated policy to allow use of Signal, Telegram in some circumstances

Federal CIO: The TMF has been vital to government’s improved cybersecurity stature

Commerce looking to publish AI-ready data guidance in coming months

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

How federal IT officials are navigating the post-AI executive order ‘hype cycle’

More Scoops

U.S. agencies publish plans to comply with White House AI memo

White House releases final guidance for 2024 AI use case inventories

New guidance aims to make FedRAMP ‘a security-first program,’ OMB official says

White House releases long-awaited FedRAMP modernization guidance for agencies, cloud service providers

Harris likely to combine Biden AI policies with Silicon Valley-informed approach

FedRAMP ‘undeniably’ in state of limbo without final OMB modernization guidance, Rep. Connolly says

With its expiration date looming, the CDO Council waits on missing White House guidance

Latest Podcasts

The Biden administration releases a new zero-trust data guide; How the GSA is working to teach federal employees about AI prompt engineering

How CMS is approaching AI adoption with CDSO Andrea Fletcher

What AI means for public sector training and upskilling

What’s at stake in the AI national security memo; the DOD braces to modernize defenses against quantum hacking

Tech

Defense

Cyber

FedScoop TV