Digital Gov

3 in 10 agency websites miss OMB deadline to migrate to HTTPS

Shutterstock image. 

The White House-imposed deadline for federal agencies to transition their websites to the HTTPS communications protocol passed on New Year's Eve, but some agencies' conversions remain a work in progress.

The HTTPS protocol, although it has limitations, provides a more secure connection by establishing an encrypted connection that protects most information exchanged between a website and its user.

In June 2015, the Office of Management and Budget memorandum mandated a government-wide migration from the unencrypted HTTP to HTTPS for "all publicly accessible federal websites and web services," including APIs, by Dec. 31, 2016.

The memo also included a call to prioritize federal domains that involve an exchange of sensitive or personally identifiable information or that receive a substantial traffic.

The OMB mandate's stated goal was to increase the agency adoption of a stronger privacy standard for website security in order to match that of the commercial sector, and to provide a realistic timeline for migration.

A General Services Administration spokesperson told FCW that since the OMB policy was issued, "HTTPS support among executive branch .gov domains has expanded greatly," and added that "web traffic data from analytics.usa.gov suggests that HTTPS is now used for most executive branch .gov web requests."

Most does not mean all. While many agencies have indeed moved to HTTPS, 31 percent of the approximately 1,200 .gov domains monitored by the Pulse dashboard have not completed these conversions.

Pulse was collaboratively built by GSA's 18F and Office of Government-wide Policy to measure progress across all branches of government.

Of the domains tested, 250 received an A+ grade from the Qualys SSL Labs encrypted network communication evaluation, the highest score possible. Many smaller agencies, however, have not yet switched any domains. And the U.S. Postal Service reports HTTPS on just one of six monitored domains, while the Department of Veterans Affairs has moved one of three.

"There is more work to be done in 2017, and agencies should continue closing gaps and preloading as many of their domains as possible," the spokesperson said.

To help transitioning agencies, GSA also launched a help site that provides technical advice and assistance, and "works directly with federal staff who are working through migration issues," the spokesperson added.

GSA declined to comment on the migration status of the agencies who failed to meet the deadline.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.