Digital Government

RIP, HTTP

Shutterstock image (Dencg) : digital government concept.

In a June 8 memo, the Office of Management and Budget finalized an HTTPS-only standard for federal websites, ditching the insecure HTTP of the past.

The unencrypted HTTP protocol -- which most federal sites currently use – “does not protect data from interception or alteration, which can subject users to eavesdropping, tracking, and the modification of received data,” the OMB memo notes. “An HTTPS-only mandate will provide the public with a consistent, private browsing experience and position the Federal Government as a leader in Internet security.”

"As we've said before, every .gov website, no matter how small, should give its visitors a secure, private connection," the General Services Administration's 18F spokespersons blogged about the announcement. "We're thrilled to see HTTPS become the new baseline for federal web services."

For guidance on the HTTPS migration, agencies can look to https://https.cio.gov/ -- agencies must bring all sites and services into the HTTPS fold by Dec. 31, 2016.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected