US Government To Have All Its Websites Begin Using HTTPS
As part of a new initiative to maintain security and privacy on its websites, both for users and itself, the U.S. government has announced a plan to make HTTPS a standard for all its public federal sites. The goal is to have all sites using HTTPS encryption by December 31, 2016. The White House is even sharing its proposed and final versions of the policy, posting both on Github, allowing the public to compare for themselves.
18F, an internal government data agency, says that the changes will help bring about a "new, strong baseline of user privacy and security across U.S. government websites and APIs." The agency has long been in support of adopting HTTPS across the board, feeling that every .gov website should be able to provide a secure connection.
In the meantime, there is a website showing how many federal websites have made the transition, and even gives them a grade from SSL Labs. For example, at this time 31% of the government's sites are using HTTPS, with 18F's site and the Alcohol, Tobacco and Firearms (ATF) agency's site getting scores of A+ due to enforcing HTTPS. A site that uses HTTPS, but doesn't enforce it or use Strict Transport Security, such as the House of Representatives, gets an F from SSL Labs.
With these changes, the government will bring its website security up to the same standards used widely in the private sector. The White House adds that it will help push HTTPS adoption across the entire internet, with the benefits being better privacy for the public.
SOURCE: 18F
MORE: WhiteHouse.gov