Today, Federal CIO Tony Scott signed an OMB memorandum to enact the HTTPS-Only Standard for all Federal websites and web services.
OMB first proposed the standard in March and requested comment from the public. During the feedback period, the proposal received numerous comments and suggestions from the Internet’s standards bodies, popular web browsers, and concerned citizens [1]. In addition, a public dashboard has been constructed to monitor implementation progress across the Federal web space.
Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.
Private and secure connections are becoming the Internet’s baseline, and it is critical that Federal websites maintain the highest privacy standards for the users of their online services.
A number of agency CIOs support this effort, including Frank Baitman of HHS: “Many of the security challenges we face can be effectively addressed with sound technology and good security hygiene. HTTPS is one such solution. It’s tested, mature, and relatively easy to implement. By putting HTTPS in place at HHS, we’re prioritizing the privacy of Americans who visit our web sites to learn, and manage their family’s health.”
With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public.
Read more about the HTTPS-Only Standard from OMB and 18F.
The full set of changes between the proposed and final version of the policy is available on GitHub.