Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

All U.S. Federal Websites to Move to HTTPS

posted by n1 on Wednesday June 10 2015, @06:57AM   Printer-friendly
from the fbi-encryption-prevention dept.

takyon writes:

The White House Office of Management and Budget (OMB) has issued a directive that requires all publicly accessible federal Web sites to adopt HTTPS:

An HTTPS-Only standard will eliminate inconsistent, subjective determinations across agencies regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide. Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards. This leaves Americans vulnerable to known threats, and may reduce their confidence· in their government. Although some Federal websites currently use HTTPS, there has not been a consistent policy in this area. An HTTPS-only mandate will provide the public with a consistent, private browsing experience and position the Federal Government as a leader in Internet security.

United States Chief Information Officer Tony Scott adds:

Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.

OMB first proposed the HTTPS-Only Standard in March and requested comment from the public. During the feedback period, OMB's proposal received numerous comments and suggestions from Internet's standards bodies, popular web browsers, and concerned citizens. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at https://https.cio.gov – a site that is open to contribution from technical experts around the world. Finally, a public dashboard has been constructed to monitor progress.

Original Submission

 
This discussion has been archived. No new comments can be posted.
All U.S. Federal Websites to Move to HTTPS | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by Leebert on Wednesday June 10 2015, @12:22PM

    by Leebert (3511) on Wednesday June 10 2015, @12:22PM (#194487)

    They are so confident in their ability to crack SSL, even going forwards, that they want to encourage us to switch to SSL?

    You assume that the US federal government is all of one mind. Working in non-DOD government infosec, I can assure you that there is a substantial contingent of infosec professionals who are dedicated to privacy, and find the NSA activities distasteful. If, for example, you think that what NSA did to NIST didn't piss off NIST [nist.gov] (PDF), you've not spent much time around NIST. Choice quote from that report:

    While it is beyond the remit of this committee to opine on the mission and practices of the National Security Agency, it cannot be accepted that NIST’s responsibilities should be co-opted by the NSA’s intelligence mission. NIST’s responsibility is to identify means of protecting information to the maximum practicable extent and this must be its primary metric and objective.

    This OMB mandate may or may not be a response to the ongoing NSA controversy. Frankly, I think it's more just folks in the Executive Office of the President trying to get a handle on rampant security problems in federal information systems. But it could also be a contingent of folks in just the right position to advance the cause of privacy doing their part to nudge things along.

    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Interesting=3, Total=4
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5