Federal CIO Tony Scott has signed an OMB memo setting forth HTTPS as the required protocol for all federal websites and web services.
Technical assistance and best practices are available at https://https.cio.gov and a public dashboard has been constructed to monitor implementation progress across federal web properties, according to a post on CIO.gov.
It said all federal websites must meet the https-only standard by the end of the 2016 calendar year. Switching from http to https entails development time and costs including the purchase price of an SSL certificate and installation and maintenance.
Websites currently operating over http will have to ensure all the assets that comprise web pages are served over https including images and external libraries to avoid an “insecure” content warning in browsers. There will be an administrative burden to ensuring the universal adoption and usage of https for agencies, but switching protocols is not a major challenge and is an improvement.
