Digital Gov

3 in 10 agency websites miss OMB deadline to migrate to HTTPS

Shutterstock image. 

The White House-imposed deadline for federal agencies to transition their websites to the HTTPS communications protocol passed on New Year's Eve, but some agencies' conversions remain a work in progress.

The HTTPS protocol, although it has limitations, provides a more secure connection by establishing an encrypted connection that protects most information exchanged between a website and its user.

In June 2015, the Office of Management and Budget memorandum mandated a government-wide migration from the unencrypted HTTP to HTTPS for "all publicly accessible federal websites and web services," including APIs, by Dec. 31, 2016.

The memo also included a call to prioritize federal domains that involve an exchange of sensitive or personally identifiable information or that receive a substantial traffic.

The OMB mandate's stated goal was to increase the agency adoption of a stronger privacy standard for website security in order to match that of the commercial sector, and to provide a realistic timeline for migration.

A General Services Administration spokesperson told FCW that since the OMB policy was issued, "HTTPS support among executive branch .gov domains has expanded greatly," and added that "web traffic data from analytics.usa.gov suggests that HTTPS is now used for most executive branch .gov web requests."

Most does not mean all. While many agencies have indeed moved to HTTPS, 31 percent of the approximately 1,200 .gov domains monitored by the Pulse dashboard have not completed these conversions.

Pulse was collaboratively built by GSA's 18F and Office of Government-wide Policy to measure progress across all branches of government.

Of the domains tested, 250 received an A+ grade from the Qualys SSL Labs encrypted network communication evaluation, the highest score possible. Many smaller agencies, however, have not yet switched any domains. And the U.S. Postal Service reports HTTPS on just one of six monitored domains, while the Department of Veterans Affairs has moved one of three.

"There is more work to be done in 2017, and agencies should continue closing gaps and preloading as many of their domains as possible," the spokesperson said.

To help transitioning agencies, GSA also launched a help site that provides technical advice and assistance, and "works directly with federal staff who are working through migration issues," the spokesperson added.

GSA declined to comment on the migration status of the agencies who failed to meet the deadline.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.