-
From launch to landing: How NASA took control of its HTTPS mission
on May 25, 2017
In 2015, the White House Office of Management and Budget released M-15-13, a "Policy to Require Secure Connections across Federal Websites and Web Services" the memo emphasizes the importance of protecting the privacy and security of the public's browsing activities on teh web. This is a guest post by Karim Said of NASA who was instrumental in NASA's successful HTTPS and HSTS migration.
-
Open source collaboration across agencies to improve HTTPS deployment
on January 6, 2017
Cameron Dixon at the Department of Homeland Security writes for 18F: To facilitate secure connections for citizens, immigrants, and other users, the Department of Homeland Security began delivering 'HTTPS Reports' directly to federal agencies. We open-sourced the tool we scan with, in collaboration with our colleagues at 18F.
-
Tracking the U.S. government's progress on moving to HTTPS
on January 4, 2017
The White House HTTPS policy generated significant HTTPS adoption in the U.S. government. HTTPS is now used for most web requests to executive branch .gov websites, and the government now outpaces the private sector on HTTPS.
-
Complexity is the adversary
on November 4, 2015
What if we told you that most catastrophic digital security vulnerabilities had one common denominator? One overriding contributor to root causes? Would you believe that one factor is also the biggest impediment to great design and software? That one thing? Complexity.
-
An introduction to HTTPS, by 18F and DigitalGov University
on July 16, 2015
18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we've recently partnered with DigitalGov University to produce a two-video series introducing the why's and how's of HTTPS.
-
The U.S. government is moving to HTTPS everywhere
on June 8, 2015
Today, the White House's Office of Management and Budget (OMB) finalized an HTTPS-Only Standard for all publicly accessible federal websites and web services. This standard is designed to ensure a new, strong baseline of user privacy and security across U.S. government websites and APIs.
-
Taking the pulse of the federal government's web presence
on June 2, 2015
The U.S. federal government is launching a new project to monitor how it's doing at best practices on the web. A sort of health monitor for the U.S. government's websites, it's called Pulse, and you can find it at pulse.cio.gov.
-
For public comment: the HTTPS-only standard
on March 17, 2015
Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov. This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email.
-
The first .gov domains hardcoded into your browser as all-HTTPS
on February 9, 2015
Every .gov website, no matter how small, should give its visitors a secure, private connection. Ordinary HTTP (http://) connections are neither secure nor private, and can be easily intercepted and impersonated. In today's web browsers, the best and easiest way to fix that is to use HTTPS (https://).
-
Why we use HTTPS for every .gov we make
on November 13, 2014
18F uses HTTPS in every .gov website we make, so that our users have a fast, secure, private connection.
Back to
18F Blog