29 Aug How to turn on HTTPS company-wide in one swoop
For every website and service simplifying how we get information, complete a transaction, or communicate with others, there’s a growing number of web-based threats intent on compromising user safety and privacy. Securing all web content over HTTPS is now a necessary step as we increase our dependence on the internet.
“There is no longer any justification for any service on the internet to not be secure,” said Eric Mill, an engineer at 18F, a team within the United States General Services Administration (GSA) that provides in-house technology services for the federal government. He is working with various federal agencies to shift all government web services through HTTPS and HSTS (HTTP Strict Transfer Security).
The White House OMB (Office of Management and Budget) issued the HTTPS Only Standard directive (M-15-13) on June 8, 2015, requiring that all publicly accessible federal websites and web services be available only over a secure connection. Under the directive, existing websites and services have until Dec. 31, 2016, to make the switch. As of August, 52 percent of federal websites and services are using HTTPS, and Mill was confident the remaining ones will meet the deadline.