-
In 2015, the White House Office of Management and Budget released M-15-13, a "Policy to Require Secure Connections across Federal Websites and Web Services" the memo emphasizes the importance of protecting the privacy and security of the public's browsing activities on teh web. This is a guest post by Karim Said of NASA who was instrumental in NASA's successful HTTPS and HSTS migration.
Continue reading about From launch to landing: How NASA took control of its HTTPS mission -
Cameron Dixon at the Department of Homeland Security writes for 18F: To facilitate secure connections for citizens, immigrants, and other users, the Department of Homeland Security began delivering 'HTTPS Reports' directly to federal agencies. We open-sourced the tool we scan with, in collaboration with our colleagues at 18F.
Continue reading about Open source collaboration across agencies to improve HTTPS deployment -
Tracking the U.S. government's progress on moving to HTTPS
January 4, 2017
The White House HTTPS policy generated significant HTTPS adoption in the U.S. government. HTTPS is now used for most web requests to executive branch .gov websites, and the government now outpaces the private sector on HTTPS.
Continue reading about Tracking the U.S. government's progress on moving to HTTPS -
Complexity is the adversary
November 4, 2015
What if we told you that most catastrophic digital security vulnerabilities had one common denominator? One overriding contributor to root causes? Would you believe that one factor is also the biggest impediment to great design and software? That one thing? Complexity.
Continue reading about Complexity is the adversary -
18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we've recently partnered with DigitalGov University to produce a two-video series introducing the why's and how's of HTTPS.
Continue reading about An introduction to HTTPS, by 18F and DigitalGov University -
The U.S. government is moving to HTTPS everywhere
June 8, 2015
Today, the White House's Office of Management and Budget (OMB) finalized an HTTPS-Only Standard for all publicly accessible federal websites and web services. This standard is designed to ensure a new, strong baseline of user privacy and security across U.S. government websites and APIs.
Continue reading about The U.S. government is moving to HTTPS everywhere -
The U.S. federal government is launching a new project to monitor how it's doing at best practices on the web. A sort of health monitor for the U.S. government's websites, it's called Pulse, and you can find it at pulse.cio.gov.
Continue reading about Taking the pulse of the federal government's web presence -
For public comment: the HTTPS-only standard
March 17, 2015
Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov. This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email.
Continue reading about For public comment: the HTTPS-only standard -
The first .gov domains hardcoded into your browser as all-HTTPS
February 9, 2015
Every .gov website, no matter how small, should give its visitors a secure, private connection. Ordinary HTTP (http://) connections are neither secure nor private, and can be easily intercepted and impersonated. In today's web browsers, the best and easiest way to fix that is to use HTTPS (https://).
Continue reading about The first .gov domains hardcoded into your browser as all-HTTPS -
Why we use HTTPS for every .gov we make
November 13, 2014
18F uses HTTPS in every .gov website we make, so that our users have a fast, secure, private connection.
Continue reading about Why we use HTTPS for every .gov we make