Private and public sector organizations share a common goal in hosting Internet websites: making sure that connections with customers and citizens are secure. Google and Mozilla, for example, are among many entities promoting Internet security via the adoption of Hyper Text Transfer Protocol Secure technology, or HTTPS, versus the basic and less secure HTTP technology that underpins Internet service.
Within the public sector, the federal chief information officer and the General Services Administration are promoting HTTPS as well. GSA recently notified federal agencies that it had developed a program designed to ensure that all new federal websites would be provided connection security automatically through the use of HTTPS encryption capabilities. The program will be launched sometime this spring, GSA said.
“This year, GSA will be taking another significant step forward in making secure communication the default for federal Web services by automatically enforcing HTTPS in modern Web browsers for newly issued executive branch ‘dot-gov’ (.gov) domains and their subdomains,” GSA said in a notice published earlier this year.
GSA has supported HTTPS adoption actively, especially in regard to a 2015 White House directive requiring that all new federal Web services support and enforce HTTPS connections over the public Internet, and that federal agencies migrate existing Web services to HTTPS by the end of last year.
For example, if an agency were to register a dot-gov site in May, GSA would communicate to Web browsers that the new site should be enforced as HTTPS-only. Within a few months of that time, any attempt by a user to visit the newly created HTTP site would cause their browser to redirect automatically to an HTTPS designated domain. The agency that registered the new dot-gov site would have to, on its own, configure HTTPS support so that users could navigate to the website successfully.
GSA expects the security adoption process to go fairly smoothly.
“HTTPS is a standard protocol used for an increasingly large class of Web services. Certificates can be obtained inexpensively or for free,” GSA said in a statement provided to the E-Commerce Times by spokesperson Cat Langel.