HTTPS-Everywhere for Government
Today, the White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive, requiring that all publicly accessible Federal websites and web services only provide service through a secure HTTPS connection.
Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services. This data can include browser identity, website content, search terms, and other user-submitted information. To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services. Today’s action will deliver that same protection to users of Federal websites and services.
Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.
OMB first proposed the HTTPS-Only Standard in March and requested comment from the public. During the feedback period, OMB's proposal received numerous comments and suggestions from Internet’s standards bodies, popular web browsers, and concerned citizens. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at https://https.cio.gov – a site that is open to contribution from technical experts around the world. Finally, a public dashboard has been constructed to monitor progress.
HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation.
An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide.
It is critical that federal websites maintain the highest privacy standards for the users of its online services. With this new action, we are driving faster internet-wide adoption of HTTPS and promoting better privacy standards for the entire browsing public.
Tony Scott is the United States Chief Information Officer.
White House Blogs
- The White House Blog
- Middle Class Task Force
- Council of Economic Advisers
- Council on Environmental Quality
- Council on Women and Girls
- Office of Intergovernmental Affairs
- Office of Management and Budget
- Office of Public Engagement
- Office of Science & Tech Policy
- Office of Urban Affairs
- Open Government
- Faith and Neighborhood Partnerships
- Social Innovation and Civic Participation
- US Trade Representative
- Office National Drug Control Policy
categories
- AIDS Policy
- Alaska
- Blueprint for an America Built to Last
- Budget
- Civil Rights
- Defense
- Disabilities
- Economy
- Education
- Energy and Environment
- Equal Pay
- Ethics
- Faith Based
- Fiscal Responsibility
- Foreign Policy
- Grab Bag
- Health Care
- Homeland Security
- Immigration
- Innovation Fellows
- Inside the White House
- Middle Class Security
- Open Government
- Poverty
- Rural
- Seniors and Social Security
- Service
- Social Innovation
- State of the Union
- Taxes
- Technology
- Urban Policy
- Veterans
- Violence Prevention
- White House Internships
- Women
- Working Families
- Additional Issues