Skip to main content

News & Updates

HTTPS Everywhere for Government

June 8, 2015 - Posted by: Tony Scott

Today, Federal CIO Tony Scott signed an OMB memorandum to enact the HTTPS-Only Standard for all Federal websites and web services.

OMB first proposed the standard in March and requested comment from the public. During the feedback period, the proposal received numerous comments and suggestions from Internet’s standards bodies, popular web browsers, and concerned citizens [1]. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at – a site that is open to contribution from technical experts around the world. In addition, a public dashboard has been constructed to monitor implementation progress across the Federal web space.

Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.

Private and secure connections are becoming the Internet’s baseline and it is critical that federal websites maintain the highest privacy standards for the users of its online services.

A number of agency CIOs support this effort, including Frank Baitman of HHS, “Many of the security challenges we face can be effectively addressed with sound technology and good security hygiene. HTTPS is one such solution. It’s tested, mature, and relatively easy to implement. By putting HTTPS in place at HHS, we’re prioritizing the privacy of Americans who visit our web sites to learn, and manage their family’s health.”

With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public.

Read more about the HTTPS-Only Standard from OMB and 18F.

  1. The full set of changes between the proposed and final version of the policy are available on GitHub.