Today, the White House’s Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov.
This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS.
Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email.
From the proposal:
Private and secure connections are becoming the Internet’s baseline, as expressed by the policies of the Internet’s standards bodies, popular web browsers, and the Internet community of practice.
The federal government must adapt to this changing landscape, and benefits by beginning the conversion now. Proactive investment at the federal level will support faster internet-wide adoption and promote better privacy standards for the entire browsing public.
At the core of this proposal is the idea that all browsing activity should be considered private and sensitive.
To learn more about why such a standard is so important, read the proposal’s accompanying explanation of why HTTPS should be used for everything, how whitehouse.gov’s move to HTTPS protects users, and 18F’s piece on why we use HTTPS for every .gov we make.