The US government has shown its mandate on backing HTTPS across its Federal websites and web services, as it will make the access safer for anyone using the government sites.
The White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive as the unencrypted TTP connections create vulnerability and expose potentially sensitive information about users of unencrypted federal websites and services.
The acronym HTTPS stands for Hypertext Transfer Protocol Secure and it is being used by many commercial organizations to protect visitors to their websites and services which can include data like browser identity, website content, search terms, and other user-submitted information.
OMB received many comments and suggestions from web browsers, Internet-related organizations and concerned people related to its proposal for the implementation of HTTPS-Only Standard. For the conversion to HTTPS, assistance at https://https.cio.gov is available. And a dashboard has been created to keep a track of the process.
"Per the issuance of this memorandum, all publicly accessible federal websites must meet the HTTPS-Only Standard by 31 December 2016”, said Tony Scott, US Chief information Officer in a White House blog post.
He also added that HTTPS only assures the reliability of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked, or to keep a check from revealing the user information during the normal operation of a web service.
“An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide.”, Scott summed up in the White House blog post.
