18F/18f.gsa.gov

_posts/2015-03-17-for-public-comment-the-https-only-standard.md

---
title: "For public comment: the HTTPS-only standard"
date: 2015-03-17 10:00:00
layout: post
image: /assets/blog/https-standard/screen.png

tags:
- security
- https
- best practices

authors:
- eric
- gray

excerpt: "Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov.

This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS.

Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email."
description: "Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov.

This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS.

Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email."
---

Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: **The HTTPS-Only Standard**, at **[https.cio.gov](https://https.cio.gov)**.

This proposal would require all new and existing publicly accessible federal websites and web services to enforce a [secure, private connection with HTTPS](https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make/).

Feedback and suggestions during this public comment period are encouraged, and can be provided [on GitHub](https://github.com/GSA/https/tree/readme#we-want-your-feedback) or [by email](mailto:https@cio.gov).

From [the proposal](https://https.cio.gov):

> Private and secure connections are becoming the Internet’s baseline, as expressed by the policies of the Internet’s [standards](https://w3ctag.github.io/web-https/) [bodies](http://www.internetsociety.org/news/internet-society-commends-internet-architecture-board-recommendation-encryption-default), popular web browsers, and the Internet community of practice.
>
> The federal government must adapt to this changing landscape, and benefits by beginning the conversion now. Proactive investment at the federal level will support faster internet-wide adoption and promote better privacy standards for the entire browsing public.

At the core of this proposal is the idea that **all browsing activity should be considered private and sensitive**.

To learn more about why such a standard is so important, read the proposal's accompanying explanation of [why HTTPS should be used for everything](https://https.cio.gov/everything/), how [whitehouse.gov's move](https://twitter.com/18F/status/575513335103426561) to HTTPS [protects users](https://twitter.com/ariherzog/status/575743461225275392), and 18F's piece on [why we use HTTPS for every .gov we make](https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make/).