CMS 101

Content management systems have grown more powerful and easier to use, but there are still some important factors for government users to consider.

Shutterstock image (by Ivan Lukyanchuk): web development concept.

“Content management system” is a fancy term for the back end of a website. Such systems do far more than manage web pages, however, and they put power in the hands of even the smallest organizations.

Even the most modest user can create a website whose content includes text, photos and streaming media. The site’s CMS can also send digests to customers via email and offer a fully functional and secure e-commerce gateway. And it can automatically update the user’s Facebook, Twitter and Instagram feeds.

But as things get easier for the average American, they get more complicated for the government. Security, accountability, accessibility, political concerns and scrutiny that intensifies in the wake of failures all place agency IT leaders in an increasingly fragile position.

Why it matters

An agency’s CMS is the point at which public service meets the public. Once agency content is posted online, it is in the public domain forever.

Delivering content management in the public or private sector involves “a lot of the same demands — internal stakeholders with differing needs,” said Eric Uhlir, an associate creative director at Deloitte Digital. Even so, he noted that the government has an added layer of requirements. “Your customers are the citizens of the United States, which is a bigger tent of users.”

That tent includes journalists and activists who file Freedom of Information Act requests. And all that content comes with archiving requirements to ensure that information doesn’t disappear.

All administrations are sensitive to public perception, but the Trump White House has demonstrated that it is fervently so. And considering that the current administration is presided over by one of the world’s most avid Twitter users, content management might be the one process an agency’s IT team must get right.

The fundamentals

CMS refers to web-based applications that publish content. Such systems comprise an interface that allows users with limited training to push content into the world and a delivery system that makes sure it gets there. Technically speaking, a CMS can be used for internal communications, but in those cases, it’s basically indistinguishable from collaboration software.

The three options with the greatest presence on the web are:

  1. WordPress. It is easily the most popular CMS. Virtually every small-business website sits on WordPress. Its major advantages are ease of use and the broad universe of designers and developers with WordPress expertise.
  2. Drupal. It is the most popular platform in the federal government. Although often less intuitive than WordPress, it is considered far more robust and secure. Even so, the Drupal Association’s website downplays the perceived security advantages in favor of touting other attributes, including speed to deployment, low cost and scalability. Drupal also enjoys substantial developer support, and several Drupal-centric firms have teams dedicated to public-sector customers and sell through existing government acquisition vehicles.
  3. Joomla. Second in popularity worldwide to WordPress, Joomla has yet to gain a foothold in government service. Its major strength is the expansive array of third-party components that can be used to customize the system.

All three platforms include account registration, menu management and page layout templates. They are also coded in PHP and available for free via a GNU General Public License. Hosting and site maintenance, of course, are ongoing expenses, and there are upfront costs for the consulting, architecture and design professionals who work on your CMS solution.

Security isn’t the only reason Drupal has deep government roots. Its proponents have been edging their way in ever since Howard Dean’s 2004 presidential primary campaign became the first major political organization to base its web presence on Drupal.

Within months of taking office in 2009, then-President Barack Obama’s team migrated the White House site to Drupal from a proprietary system developed on site. Drupal was selected in part because its developers favored open-source collaboration, but the Trump administration might favor proprietary systems such as Microsoft’s SharePoint, Oracle’s UCM or Percussion’s CM1, all of which have some presence at government agencies. The administration’s preference will likely be revealed if the White House website gets a new platform in the next few months.

The hurdles

There are three main challenges to developing CMS solutions in the federal government: security, expertise and accessibility.

When it comes to security, Drupal has the confidence of the Justice Department, the State Department and, for now, the White House. Even so, the Defense Department has not been as quick to embrace it.

In a 2013 alert that is particularly critical of Joomla, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team said the security issue with CMS solutions in general is that malicious actors can “gain control of web servers and launch distributed denial-of-service attacks against critical infrastructure organizations.”

The alert states that the key to reducing the risk is for IT teams to stay up-to-date on patches for the CMS tools they use. More detailed instructions for securing web-based servers and services are available in a technical paper published by US-CERT.

As big a concern as security is, however, it’s moot if you can’t build something worth securing. The Drupal community’s wiki defined the skill sets needed to implement CMS, and they are extensive. And even though WordPress is an order of magnitude easier, it is still something agencies might not be able to accomplish in-house. In fact, many developers say that an agency’s existing systems might actually be an obstacle.

“Setting up Drupal in development boxes is one thing,” said an expert who spoke on condition of anonymity, “but being forced at times to implement the CMS in existing enterprise infrastructures can be a pain in the ass.”

Accessibility is another unique requirement of government work, ever since Section 508 of the Rehabilitation Act was amended in 1998 to require agencies to make IT-based services available to people with disabilities.

“We are legally required to make government services accessible to those with disabilities, and that includes websites and web content, especially as more and more government services are delivered digitally,” said Matthew Burrell, a General Services Administration spokesman.

Next steps

What an agency does next is in large part a function of what it has already done.

“Few agencies are starting from zero as content producers,” Burrell said. “Many of them have been publishing since their inception. However, transitioning to a mix of content that includes digital, and then eventually to a digital-first mode, is a major change.”

Perhaps the best way to assess organizational needs would be with the help of 18F, GSA’s digital services consultancy. Born in the wake of the troubled rollout of HealthCare.gov in 2013, 18F’s staff knows all the mistakes that have already been made.

Agencies should begin by defining pain points and making an honest assessment of their current array of technologies and skills. Then they should look for a solution that at a minimum complies with the Federal Risk and Authorization Management Program, the Federal Information Security Modernization Act and Section 508.

In addition, Burrell said that “connecting with communities of practice either within government or outside of government can be extremely helpful.”

Once agencies choose a solution, they must ask themselves who is going to run it. “This requires a lot of ongoing support,” Uhlir said. “You should consider entering into partnership with an agency” that does it full-time.

If an agency decides to run a CMS in-house, his advice is to ensure that the team is expertly trained.
