US Govt Mandates Encryption for All Federal Websites

The US government is pushing forward with a directive that was first proposed in March. Feedback was gathered from independent Internet standards bodies, users and web browser companies to improve the final policy, which requires all government and federal websites that are accessible to the general public to use HTTPS (Hypertext Transfer Protocol Secure) by the end of next year, 2016.

When in use, the protocol is often denoted by a green lock icon in the address bar of a web browser. HTTPS encryption is the norm on financial and banking websites, as well as on e-commerce websites such as Amazon and eBay, where transactions are made securely. The move enhances the cyber and web application security of websites that are open to the public.

A new secure standard

Only 31% of nearly 1,200 federal websites offered support for HTTPS encryption and connections as of March 29, and this is certain to change with the implementation of the new policy. Tony Scott, Chief Information Officer of the US, explained the advantages and limitations of HTTPS in a memorandum to the heads of departments and agencies. He also elaborated on the process of migrating websites from their current setup to secure encryption.

“When migrating existing websites, this can involve a combination of automated and manual effort to update, replace, or remove references to insecure resources. For some websites, this can be the most time consuming aspect of the migration process,” Scott highlights as one of the challenges.

The move makes it harder for third-party intruders to intercept sensitive communications and personal data that public users enter on government websites, enhancing user privacy in a huge way.

On Monday, Tony Scott signed and made official the mandate to deploy HTTPS and use HTTP Strict Transport Security (HSTS), a mechanism which ensures that a web browser always connects to a website via an encrypted HTTPS channel. This adds to the security of the user by keeping a browser from being redirected to, or made to access, an insecure website.

“With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public,” the office of the US Chief Information Officer said in a statement.

By making HTTPS support mandatory for all federal resources and websites, the policy creates a stronger privacy standard that safeguards and protects information flow and user privacy.