US Makes HTTPS Mandatory for All New .Gov Websites

To increase the security of government websites, which are frequently targeted by hackers, the United States will default to HTTPS for all new .gov websites starting this year.

During the Obama administration, the government set December 31 as the deadline for all government websites to switch to HTTPS, but unofficial stats indicate that only 60 percent of these websites actually completed the transition.

Now the General Services Administration has announced that from 2017, all new .gov websites will have HTTPS automatically.

“As new executive branch domains have been registered, dotgov.gov program will submit all these websites to the web browsers for “preloading”. After the submission, nearly three organisation time is taken to complete the “preloading” in the modern browsers. All these changes will be issued to the dotgov customers when they register a new domain now under the Executive Branch, and will not have any effect on existing or any renewed domains,” reads the announcement.

GSA says that HTTPS will be applied to all subdomains of freshly registered executive .gov websites, including intranet websites, adding that sticking with HTTP even on an intranet is not at all secure and is “discouraged.”
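Why a preloaded parent domain also captures intranet hosts, as an added example (not GSA's or any browser's code): a Python sketch of the lookup a browser performs against its built-in preload list before sending a request. The entry fields are modelled on Chromium's preload list format, and the domain names and entries are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed entries; field names modelled on Chromium's HSTS preload list.
PRELOAD = [
    {"name": "example-agency.gov", "mode": "force-https", "include_subdomains": True},
    {"name": "apex-only.gov", "mode": "force-https", "include_subdomains": False},
]

def preload_match(host, entries=PRELOAD):
    """Return the preload entry that forces HTTPS for host, or None."""
    labels = host.lower().rstrip(".").split(".")
    by_name = {e["name"]: e for e in entries}
    # Walk from the full host name up through each parent domain.
    for i in range(len(labels)):
        entry = by_name.get(".".join(labels[i:]))
        if entry is None or entry.get("mode") != "force-https":
            continue
        # An exact match always applies; a parent applies only with include_subdomains.
        if i == 0 or entry["include_subdomains"]:
            return entry
    return None

def effective_url(url, entries=PRELOAD):
    """URL actually requested: http:// is upgraded before any network traffic."""
    parts = urlsplit(url)
    if parts.scheme != "http" or preload_match(parts.hostname or "", entries) is None:
        return url
    # RFC 6797: an explicit port 80 is dropped (becomes 443); other ports are kept.
    # Userinfo in the URL is not preserved by this sketch.
    netloc = parts.hostname
    if parts.port not in (None, 80):
        netloc = f"{netloc}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    for u in ("http://wiki.intranet.example-agency.gov/start?x=1",
              "http://example-agency.gov:8080/",
              "http://mail.apex-only.gov/"):
        print(u, "->", effective_url(u))
```

An intranet host that only listens on plain HTTP becomes unreachable from such a browser, because the upgrade happens client-side and cannot be clicked through.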

As for a target date, GSA says it is aiming for the new measure to take effect in the spring of 2017, and domain customers will be notified 30 days before the changes take place.

“GSA provides extensive guidance to agencies on HTTPS deployment at https.cio.gov and encourages .gov domain owners to obtain low cost or free certificates, trusted by the general public. As a general matter, more expensive certificates do not offer more security value to service owners, and automatic deployment of free certificates can significantly improve service owners’ security posture,” the GSA adds.
