The HTTPS-Only Standard for federal domains (M-15-13), and implementation guidance.
Switch branches/tags
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
_data Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
_includes Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
_layouts Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
assets Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
compliance BOD 18-01 (web) analysis (#247) Jun 20, 2018
pages remove MITM reference, unneeded Dec 10, 2018
resources for now, update OMB M-memo links to obama whitehouse archive URLs (#226) Jan 27, 2017
.cfignore same for compliance/ dir Apr 23, 2018
.codeinventory.yml Create a code inventory YAML file (#220) Nov 23, 2016
.gitignore BOD 18-01 (web) analysis (#247) Jun 20, 2018
.nvmrc Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
CONTRIBUTING.md remove dupe license stuff, standardize Feb 9, 2015
Gemfile Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
Gemfile.lock update dependencies (#241) Dec 29, 2017
LICENSE.md remove dupe license stuff, standardize Feb 9, 2015
README.md Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
Staticfile initial commit to prep site for cloud.gov Oct 28, 2016
_config.yml Tighten up build/push ignore files (#245) Apr 13, 2018
favicon.ico Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
gulpfile.js Design overhaul to use US Web Design Standards (#235) Oct 23, 2017
manifest.yml repair buildpack name Jan 13, 2017
package.json Design overhaul to use US Web Design Standards (#235) Oct 23, 2017

README.md

HTTPS Everywhere for the U.S. Government

The American people expect government websites to be secure and their interactions with those websites to be private.

This site contains a web-friendly version of the White House Office of Management and Budget memorandum M-15-13, "A Policy to Require Secure Connections across Federal Websites and Web Services", and provides technical guidance and best practices to assist in its implementation.

Read the policy.

Please open an issue to leave feedback or suggestions. Pull requests are welcome to pages other than the homepage, which shows the final policy and is not subject to change through GitHub.

Thank You For Your Feedback

This policy was open for public comment before its finalization. It received numerous comments whose thoughtfulness and feedback improved the final policy.

You can see what changed between the proposal and the final policy in pull request #108.

The homepage of this site is the final policy. The other pages on https.cio.gov are open for contribution at any time, and are intended to be resources for agencies implementing the HTTPS policy.

Developing on the site locally

If you're using this repository to run the site locally, instructions follow below.

Dependencies:

  • Node 6+ to install USWDS and dependencies
  • Ruby and bundler to install / run Jekyll
First-time setup
  1. npm install to install the USWDS, and Gulp dependencies.
  2. npm install -g gulp to let you use the gulp CLI directly.
  3. bundle install to install Jekyll.
Running the app

If you'll be editing the Sass/CSS:

  • gulp watch

To run the app:

  • bundle exec jekyll serve

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.