Tony Scott: HTTPS to Become Standard on All Public Federal Websites, Services


Federal CIO Tony Scott has issued guidance for agencies to transition all public-facing federal websites and Web services to Hypertext Transfer Protocol Secure by Dec. 31, 2016, in an effort to ensure secure connections.

In a memo sent Monday to the heads of executive departments and agencies, Scott said government websites will use the HTTPS protocol to foster data privacy and security.

He noted that while many agencies already use HTTPS for online services, the guidance builds on previous material from the Office of Management and Budget to increase adoption of the protocol across government.

Scott directed agencies to conduct a risk-based analysis to manage the transition of existing public websites and Web services, while all new websites and services must be available through HTTPS upon launch.

Agencies should also consider factors such as the impact on site performance, support for Server Name Indication, website content, Web clients, flexibility for updates, support for Domain Name System Security and implementation of HTTP Strict Transport Security, he added.

The guidance notes that the use of the unencrypted HTTP protocol makes the agency Web domain vulnerable to threat activities such as tracking, eavesdropping and manipulation of data.

Scott said HTTPS works to check the identity of a website and encrypt most information exchanged between the website and the user.

He also indicated that the adoption of HTTPS is cost-effective in that the benefits outweigh the administrative, development and financial cost of implementation.
