<!DOCTYPE html> <html lang="en-US"> <head> <!-- Basic Page Needs ================================================== --> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <!-- Mobile Specific Metas ================================================== --> <meta name="HandheldFriendly" content="True" /> <meta name="MobileOptimized" content="320" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <!-- Title and meta description ================================================== --> <title>18F: Digital service delivery | </title> <meta property="og:title" content="18F: Digital service delivery | " /> <meta name="description" content="" /> <meta property="og:description" content="" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@18F" /> <meta name="twitter:title" content="" /> <meta name="twitter:description" content="" /> <meta property="og:type" content="article" /> <link rel="canonical" href="/tags/security/" /> <meta property="og:url" content="/tags/security/" /> <script async="" src=/assets/js/uswds-init.js></script> <!-- Favicon ================================================== --> <link rel="icon" type="image/png" sizes="16x16" href="/img/favicons/favicon-16x16.png"> <link rel="icon" type="image/png" sizes="32x32" href="/img/favicons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="192x192" href="/img/favicons/favicon-192x192.png"> <link rel="icon" type="image/svg+xml" href="/img/favicons/favicon.svg"> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" /> <link rel="apple-touch-icon" sizes="180x180" href="/img/favicons/favicon-180x180.png"> <!-- CSS ================================================== --> <link href="https://unpkg.com/prismjs@1.20.0/themes/prism.css" rel="stylesheet"> <link rel="preload" as="style" href="/assets/styles/styles-UKMOJPRN.css" /> <link rel="stylesheet" href="/assets/styles/styles-UKMOJPRN.css" type="text/css" /> </head> <body class=" "> <a class="usa-skipnav" href="#main-content">Skip to main content</a> <div class="page-landing-page layout-demo "> <a class="usa-skipnav" href="#main-content">Skip to main content</a> <div class="usa-banner"> <div class="usa-accordion"> <section id="gov-banner-header-section" aria-label="USA Gov banner section header" class="usa-banner__header" > <div class="usa-banner__inner"> <div class="grid-col-auto"> <img src="/img/us_flag_small-VKjpzbKpq_.png" class="usa-banner__header-flag" alt="U.S. flag" loading="lazy" decoding="async"> </div> <div class="grid-col-fill tablet:grid-col-auto"> <p class="usa-banner__header-text"> An official website of the United States government </p> <p class="usa-banner__header-action" aria-hidden="true"> Here’s how you know </p> </div> <button class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner" type="button" > <span class="usa-banner__button-text">Here's how you know</span> </button> </div> </section> <div class="usa-banner__content usa-accordion__content" id="gov-banner"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <div class="usa-media-block__body"> <p> <strong>The .gov means it’s official.</strong> <br /> Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <div class="usa-media-block__body"> <p> <strong>The site is secure.</strong> <br /> The <strong>https://</strong> ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely. </p> </div> </div> </div> </div> </div> </div> <div class="usa-overlay"></div> </div> <header class="usa-header usa-header--basic usa-header--basic-megamenu" role="banner"> <div class="usa-nav-container"> <div class="usa-navbar"> <div class="usa-logo" id="header-logo"> <a href="/" title="Home"> <img src="/img/18f-logo-60i14872OF.svg" class="usa-logo-img" alt="18F home page" loading="lazy" decoding="async"> </a> </div> <button type="button" class="usa-menu-btn">Menu</button> </div> <nav class="usa-nav" aria-label="Menu navigation" > <button type="button" class="usa-nav__close"> <img src="/img/close-xPu02brD0d.svg" class="" alt="close" loading="lazy" decoding="async"> </button> <ul class="usa-nav__primary usa-accordion"> <li class="usa-nav__primary-item"> <a class="usa-nav__link " href="/our-work/" > <span>Our work</span> </a> </li> <li class="usa-nav__primary-item"> <a class="usa-nav__link " href="/work-with-us/" > <span>Work with us</span> </a> </li> <li class="usa-nav__primary-item"> <a class="usa-nav__link " href="/about/" > <span>About 18F</span> </a> </li> <li class="usa-nav__primary-item"> <a class="usa-nav__link " href="/guides/" > <span>Guides</span> </a> </li> <li class="usa-nav__primary-item"> <a class="usa-nav__link " href="/blog/" > <span>Blog</span> </a> </li> <li class="usa-nav__primary-item"> <a class="usa-button an18f-button--dark margin-top-3 desktop:margin-top-0 desktop:margin-x-2 " href="/contact/" > <span>Contact</span> </a> </li> </ul> <a href="https://search.usa.gov/search?utf8=%E2%9C%93&affiliate=18F-site&query=&commit=" class="usa-button padding-x-2" > <img src="/img/search--white-ZVwKBtv5eC.svg" class="" alt="Search" loading="lazy" decoding="async"> </a> </nav> </div> </header> <main id="main-content"> <section class="usa-section section-padding-sm"> <div class="grid-container"> <a href="/blog/" class="display-flex flex-align-center"><span class="usa-sr-only">Back to</span><svg class="icon caret" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" x="0px" y="0px" width="512px" height="512px" viewBox="0 0 444.531 444.531" style="enable-background:new 0 0 444.531 444.531;" xml:space="preserve" role="img" aria-hidden="true"> <title>Arrow left</title> <desc>Arrow pointing to the left</desc> <g> <path d="M213.13,222.409L351.88,83.653c7.05-7.043,10.567-15.657,10.567-25.841c0-10.183-3.518-18.793-10.567-25.835 l-21.409-21.416C323.432,3.521,314.817,0,304.637,0s-18.791,3.521-25.841,10.561L92.649,196.425 c-7.044,7.043-10.566,15.656-10.566,25.841s3.521,18.791,10.566,25.837l186.146,185.864c7.05,7.043,15.66,10.564,25.841,10.564 s18.795-3.521,25.834-10.564l21.409-21.412c7.05-7.039,10.567-15.604,10.567-25.697c0-10.085-3.518-18.746-10.567-25.978 L213.13,222.409z" fill="#046b99"/> </g> </svg> <span class="margin-left-05">18F Blog </span> </a> <h1 class="margin-top-2">26 posts tagged with "security" </h1> </div> </section> <section class="padding-sm page-tag-results"> <div class="grid-container"> <hr class="hr-1-dark margin-y-0"> <div class="blog-content" itemprop="blogPosts" itemscope itemtype="http://schema.org/BlogPosting"> <ul class="usa-list usa-list--unstyled post-list"> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2019/08/15/keeping-your-accounts-secure/" class="post-link text-no-underline"> Keeping your accounts secure </a> </h2> <p><span class="post-date">August 15, 2019</span> </p> <p>login.gov helps over 15 million people keep their information safe across dozens of government applications online. Over the past few years, we’ve learned a lot about keeping information safe. Here are a few ways you can make sure your online interactions stay secure.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/login-gov/" class="usa-label post-tag"> login.gov </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2018/08/07/how-login-used-evidence-based-buying/" class="post-link text-no-underline"> How login.gov used evidence-based buying to find identity proofing software </a> </h2> <p><span class="post-date">August 7, 2018</span> </p> <p>As part of our work building login.gov, a single sign on service for government, we’ve been looking at ways to effectively verify people’s identity online. Not only did we need to find a technology solution to meet this need, we need to find a solution in a stack of brand new possibilities.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/identity/" class="usa-label post-tag"> identity </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/procurement/" class="usa-label post-tag"> procurement </a> <a href="/tags/testing/" class="usa-label post-tag"> testing </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2018/07/19/taking-the-ato-process-from-6-months-to-30-days/" class="post-link text-no-underline"> Taking the ATO process from 6 months to 30 days </a> </h2> <p><span class="post-date">July 19, 2018</span> </p> <p>Security compliance is a major factor in launching a software system in the federal government. The Authority To Operate compliance process for systems within our division of GSA was taking more than six months for every system. With the new process, we have cleared the backlog and reduced the turnaround time to under a month.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/lessons-learned/" class="usa-label post-tag"> lessons learned </a> <a href="/tags/how-we-work/" class="usa-label post-tag"> how we work </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2018/01/25/getting-devops-buy-in/" class="post-link text-no-underline"> Getting DevOps buy-in to facilitate agile </a> </h2> <p><span class="post-date">January 25, 2018</span> </p> <p>Agile without DevOps is a bundle of potential energy with no outlet. We’ve found that it’s easier to get agency buy-in for DevOps if automated security audits are part of that work.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/devops/" class="usa-label post-tag"> devops </a> <a href="/tags/agile/" class="usa-label post-tag"> agile </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/convincing-stakeholders/" class="usa-label post-tag"> convincing stakeholders </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/09/26/automated-scanning-for-sensitive-information/" class="post-link text-no-underline"> Automated scanning for sensitive information in the development lifecycle </a> </h2> <p><span class="post-date">September 26, 2017</span> </p> <p>Often when developing open source software, and especially software that relies on outside services, you’ll find that you have to manage sensitive information. While there are a large number of things that can be considered sensitive, open source developers often deal with sensitive items such as API tokens, passwords, and private keys that are required for the system to function. Here's how we approached keeping this information safe.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/open-source/" class="usa-label post-tag"> open source </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/devops/" class="usa-label post-tag"> devops </a> <a href="/tags/how-we-work/" class="usa-label post-tag"> how we work </a> <a href="/tags/tools-you-can-use/" class="usa-label post-tag"> tools you can use </a> <a href="/tags/technical-guides/" class="usa-label post-tag"> technical guides </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/08/22/government-launches-login-gov/" class="post-link text-no-underline"> Government launches login.gov to simplify access to public services </a> </h2> <p><span class="post-date">August 22, 2017</span> </p> <p>Today, the U.S. Digital Service and 18F are excited to announce the launch of login.gov, a single sign-on solution for government websites that will enable citizens to access public services across agencies with the same username and password.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/login-gov/" class="usa-label post-tag"> login.gov </a> <a href="/tags/identity/" class="usa-label post-tag"> identity </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/platforms/" class="usa-label post-tag"> platforms </a> <a href="/tags/u-s-digital-service/" class="usa-label post-tag"> u.s. digital service </a> <a href="/tags/product-launch/" class="usa-label post-tag"> product launch </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/05/25/from-launch-to-landing-how-nasa-took-control-of-its-https-mission/" class="post-link text-no-underline"> From launch to landing: How NASA took control of its HTTPS mission </a> </h2> <p><span class="post-date">May 25, 2017</span> </p> <p>In 2015, the White House Office of Management and Budget released M-15-13, a "Policy to Require Secure Connections across Federal Websites and Web Services" the memo emphasizes the importance of protecting the privacy and security of the public's browsing activities on teh web. This is a guest post by Karim Said of NASA who was instrumental in NASA's successful HTTPS and HSTS migration.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/convincing-stakeholders/" class="usa-label post-tag"> convincing stakeholders </a> <a href="/tags/lessons-learned/" class="usa-label post-tag"> lessons learned </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/05/11/the-next-steps-towards-bug-bounty-program-for-technology-transformation-service/" class="post-link text-no-underline"> The next step towards a bug bounty program for the Technology Transformation Service </a> </h2> <p><span class="post-date">May 11, 2017</span> </p> <p>With bug bounties becoming an established industry-wide best practice, it’s important for us to establish our own. With the results we receive from the TTS Bug Bounty, we look forward to establishing a permanent program that involves most — if not all — TTS-owned websites and web applications.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/technology-transformation-services/" class="usa-label post-tag"> technology transformation services </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/02/27/to-get-things-done-you-need-great-secure-tools/" class="post-link text-no-underline"> To get things done, you need great, secure tools </a> </h2> <p><span class="post-date">February 27, 2017</span> </p> <p>To folks new to government, one of the most surprising differences between our work and work in the private sector are the barriers in accessing commercially available software, and commercially available Software as a Service (SaaS) in particular. There are many good reasons for these barriers but digital teams need great tools to get work done and compliance requires tradeoffs associated with time to initial delivery and accommodation of constraints that are different from the private sector.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/acquisition-services/" class="usa-label post-tag"> acquisition services </a> <a href="/tags/cloud-gov/" class="usa-label post-tag"> cloud.gov </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/01/06/open-source-collaboration-across-agencies-to-improve-https-deployment/" class="post-link text-no-underline"> Open source collaboration across agencies to improve HTTPS deployment </a> </h2> <p><span class="post-date">January 6, 2017</span> </p> <p>Cameron Dixon at the Department of Homeland Security writes for 18F: To facilitate secure connections for citizens, immigrants, and other users, the Department of Homeland Security began delivering 'HTTPS Reports' directly to federal agencies. We open-sourced the tool we scan with, in collaboration with our colleagues at 18F.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/open-source/" class="usa-label post-tag"> open source </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2017/01/04/tracking-the-us-governments-progress-on-moving-https/" class="post-link text-no-underline"> Tracking the U.S. government's progress on moving to HTTPS </a> </h2> <p><span class="post-date">January 4, 2017</span> </p> <p>The White House HTTPS policy generated significant HTTPS adoption in the U.S. government. HTTPS is now used for most web requests to executive branch .gov websites, and the government now outpaces the private sector on HTTPS.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/pulse-cio-gov/" class="usa-label post-tag"> pulse.cio.gov </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2016/11/22/a-vulnerability-disclosure-policy-for-the-technology-transformation-service/" class="post-link text-no-underline"> A vulnerability disclosure policy for the Technology Transformation Service </a> </h2> <p><span class="post-date">November 22, 2016</span> </p> <p>We’ve published a vulnerability disclosure policy for 18F's parent organization, GSA's Technology Transformation Service, which lays out rules of the road for reporting vulnerabilities to various TTS-operated systems. We want a clear path for security researchers to tell us about vulnerabilities on our systems, and to assure those researchers that we won’t pursue legal action against them.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/technology-transformation-services/" class="usa-label post-tag"> technology transformation services </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2016/05/13/how-18f-handles-information-security-and-third-party-applications/" class="post-link text-no-underline"> How 18F handles information security and third party applications </a> </h2> <p><span class="post-date">May 13, 2016</span> </p> <p>Today the General Services Administration’s Office of Inspector General (an independent part of our agency, entrusted with carefully inspecting agency operations) published a report on a mistake made in the configuration of Slack, an online chat tool we use. We discovered and remedied this issue a couple of months ago. We did a full investigation and to our knowledge no sensitive information was shared inappropriately.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/collaboration-tools/" class="usa-label post-tag"> collaboration tools </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2016/05/10/building-a-modern-shared-authentication-platform/" class="post-link text-no-underline"> Building a modern shared authentication platform </a> </h2> <p><span class="post-date">May 10, 2016</span> </p> <p>18F is working iteratively with a team of technologists from across the government to build a platform for users who need to log in to government services. Every consumer-facing service the government offers will benefit from this platform, enhancing the privacy and security of online interactions for the public and for agencies.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/login-gov/" class="usa-label post-tag"> login.gov </a> <a href="/tags/platforms/" class="usa-label post-tag"> platforms </a> <a href="/tags/identity/" class="usa-label post-tag"> identity </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/modern-practices/" class="usa-label post-tag"> modern practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2016/04/15/compliance-masonry-buildling-a-risk-management-platform/" class="post-link text-no-underline"> Compliance Masonry: Building a risk management platform, brick by brick </a> </h2> <p><span class="post-date">April 15, 2016</span> </p> <p>We’re trying to change how we approach the development of system security plans. Our goal is to create a system that allows system custodians, security operations staff, and executives to actively interact, update, and generate assurance reports with searchable content and testable security controls to satisfy any type of risk management framework. The current prototype is called Compliance Masonry.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/cloud-gov/" class="usa-label post-tag"> cloud.gov </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/11/13/answering-common-questions-about-cloud-gov/" class="post-link text-no-underline"> Answering common questions about cloud.gov </a> </h2> <p><span class="post-date">November 13, 2015</span> </p> <p>Four weeks ago, we announced cloud.gov, a new platform that will enable small federal teams to rapidly develop and deploy web services with best-practice, production-level security and scalability. Currently, we’re running a small pilot program to prepare to open up cloud.gov to all federal agencies. In the meantime, we’d like to lay out some more details about the project and answer some common questions.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/devops/" class="usa-label post-tag"> devops </a> <a href="/tags/platforms/" class="usa-label post-tag"> platforms </a> <a href="/tags/video/" class="usa-label post-tag"> video </a> <a href="/tags/cloud-gov/" class="usa-label post-tag"> cloud.gov </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/11/04/complexity-is-the-adversary/" class="post-link text-no-underline"> Complexity is the adversary </a> </h2> <p><span class="post-date">November 4, 2015</span> </p> <p>What if we told you that most catastrophic digital security vulnerabilities had one common denominator? One overriding contributor to root causes? Would you believe that one factor is also the biggest impediment to great design and software? That one thing? Complexity.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> <a href="/tags/https/" class="usa-label post-tag"> https </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/10/09/cloud-gov-launch/" class="post-link text-no-underline"> To always be shipping, you need a shipyard </a> </h2> <p><span class="post-date">October 9, 2015</span> </p> <p>We’ve developed cloud.gov, a Platform-as-a-Service (PaaS), to tackle core infrastructure issues and enable our small development teams to improve the delivery of 18F products.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/platforms/" class="usa-label post-tag"> platforms </a> <a href="/tags/cloud-gov/" class="usa-label post-tag"> cloud.gov </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/07/16/introduction-to-https-webinar/" class="post-link text-no-underline"> An introduction to HTTPS, by 18F and DigitalGov University </a> </h2> <p><span class="post-date">July 16, 2015</span> </p> <p>18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we've recently partnered with DigitalGov University to produce a two-video series introducing the why's and how's of HTTPS.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/tools-you-can-use/" class="usa-label post-tag"> tools you can use </a> <a href="/tags/video/" class="usa-label post-tag"> video </a> <a href="/tags/training/" class="usa-label post-tag"> training </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/06/08/the-us-government-is-moving-to-https-everywhere/" class="post-link text-no-underline"> The U.S. government is moving to HTTPS everywhere </a> </h2> <p><span class="post-date">June 8, 2015</span> </p> <p>Today, the White House's Office of Management and Budget (OMB) finalized an HTTPS-Only Standard for all publicly accessible federal websites and web services. This standard is designed to ensure a new, strong baseline of user privacy and security across U.S. government websites and APIs.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/06/03/giving-back-to-open-source/" class="post-link text-no-underline"> Giving back to open source: Everybody wins </a> </h2> <p><span class="post-date">June 3, 2015</span> </p> <p>We love when we're able to contribure to open source projects from other organizations. Recently, we contributed to Bitly's open source google_auth_proxy to support our Hub and MyUSA applications, and our contribution has already helped other OAuth2 providers.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/open-source/" class="usa-label post-tag"> open source </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/hub/" class="usa-label post-tag"> hub </a> <a href="/tags/communication-tools-and-practices/" class="usa-label post-tag"> communication tools and practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/06/02/taking-the-pulse-of-the-federal-governments-web-presence/" class="post-link text-no-underline"> Taking the pulse of the federal government's web presence </a> </h2> <p><span class="post-date">June 2, 2015</span> </p> <p>The U.S. federal government is launching a new project to monitor how it's doing at best practices on the web. A sort of health monitor for the U.S. government's websites, it's called Pulse, and you can find it at pulse.cio.gov.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/pulse-cio-gov/" class="usa-label post-tag"> pulse.cio.gov </a> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> <a href="/tags/product-launch/" class="usa-label post-tag"> product launch </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/05/18/myusa/" class="post-link text-no-underline"> Meet MyUSA: Your one account for government </a> </h2> <p><span class="post-date">May 18, 2015</span> </p> <p>If you’re a small-business owner, a veteran, or simply a person interested in tracking the status of your tax return, you’ve likely interacted with multiple government websites, which can require you to fill out a lot of forms and juggle a lot of information. Soon, you’ll be able to use MyUSA — a service that makes government resources easier to access, and government tasks and processes easier to keep track of.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/myusa/" class="usa-label post-tag"> myusa </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/03/17/for-public-comment-the-https-only-standard/" class="post-link text-no-underline"> For public comment: the HTTPS-only standard </a> </h2> <p><span class="post-date">March 17, 2015</span> </p> <p>Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov. This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2015/02/09/the-first-gov-domains-hardcoded-into-your-browser-as-all-https/" class="post-link text-no-underline"> The first .gov domains hardcoded into your browser as all-HTTPS </a> </h2> <p><span class="post-date">February 9, 2015</span> </p> <p>Every .gov website, no matter how small, should give its visitors a secure, private connection. Ordinary HTTP (http://) connections are neither secure nor private, and can be easily intercepted and impersonated. In today's web browsers, the best and easiest way to fix that is to use HTTPS (https://).</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> </span> </li> <li class="border-bottom-1px border-base-lighter padding-y-6"> <h2> <a href="/2014/11/13/why-we-use-https-in-every-gov-website-we-make/" class="post-link text-no-underline"> Why we use HTTPS for every .gov we make </a> </h2> <p><span class="post-date">November 13, 2014</span> </p> <p>18F uses HTTPS in every .gov website we make, so that our users have a fast, secure, private connection.</p> <span class="post-tags display-flex flex-wrap" itemprop="keywords"> <a href="/tags/security/" class="usa-label post-tag"> security </a> <a href="/tags/best-practices/" class="usa-label post-tag"> best practices </a> <a href="/tags/https/" class="usa-label post-tag"> https </a> <a href="/tags/modern-practices/" class="usa-label post-tag"> modern practices </a> </span> </li> </ul> </div> </div> </section> </main> <footer> <div class="grid-container padding-y-6"> <hr class="hr-1-dark footer-hr-alignment"> <div class="grid-row grid-gap"> <div class="tablet:grid-col-3"> <img src="/img/18f-logo-60i14872OF.svg" class="maxw-5" alt="18F logo" loading="lazy" decoding="async"> <p> Work with us to plan successful projects, choose better vendors, build custom software, or learn how to work in new ways. </p> <a href="/contact/" class="usa-button an18f-button--dark" > Contact us </a> </div> <div class="tablet:grid-offset-1 tablet:grid-col-2"> <h2 class="font-heading-md text-medium margin-top-4 tablet:margin-top-0 margin-bottom-2 tablet:margin-bottom-4"> Pages </h2> <ul class="usa-list usa-list--unstyled font-sans-sm list-item-spacing-2"> <li><a href="/our-work/">Our work</a></li> <li><a href="/work-with-us/">Work with us</a></li> <li><a href="/about/">About 18F</a></li> <li><a href="/guides/">Guides</a></li> <li><a href="/blog/">Blog</a></li> <li><a href="/contact/">Contact</a></li> </ul> </div> <div class="tablet:grid-col-2"> <h2 class="font-heading-md text-medium margin-top-4 tablet:margin-top-0 margin-bottom-2 tablet:margin-bottom-4"> Policies </h2> <ul class="usa-list usa-list--unstyled font-sans-sm list-item-spacing-2"> <li><a href="/linking-policy/">Linking policy</a></li> <li><a href="/open-source-policy/">Open source policy</a></li> <li><a href="/vulnerability-disclosure-policy/">Vulnerability disclosure</a></li> <li><a href="/code-of-conduct/">Code of conduct</a></li> </ul> </div> <div class="tablet:grid-col-2"> <h2 class="font-heading-md text-medium margin-top-4 tablet:margin-top-0 margin-bottom-2 tablet:margin-bottom-4"> Contact </h2> <ul class="usa-list usa-list--unstyled font-sans-sm list-item-spacing-2"> <li> <a href="/contact/" > Get in touch </a> </li> <li> <a href="/about/#for-press" > Press </a> </li> <li> <a href="https://github.com/18F/18f.gsa.gov/issues/new/choose" class="usa-link--external" > Report a bug </a> </li> <li> <a href="/join/" > Join 18F </a> </li> </ul> </div> <div class="tablet:grid-col-2"> <h2 class="font-heading-md text-medium margin-top-4 tablet:margin-top-0 margin-bottom-2 tablet:margin-bottom-4"> Social </h2> <ul class="usa-list usa-list--unstyled font-sans-sm list-item-spacing-2"> <li class="display-flex flex-align-center"> <a href="https://github.com/18F" class="usa-link--external" rel="noreferrer" > <img src="/img/github-dark-2-w9jCrv94IZ.svg" class="maxw-205 margin-right-1 text-tbottom" alt="" loading="lazy" decoding="async">GitHub</a> </li> <li class="display-flex flex-align-center"> <a href="https://twitter.com/18F" class="usa-link--external" rel="noreferrer" > <img src="/img/twitter-dark-Pq04PjchNH.svg" class="maxw-205 margin-right-1 " alt="" loading="lazy" decoding="async">Twitter</a> </li> <li class="display-flex flex-align-center"> <a href="https://www.linkedin.com/company/gsa18f" class="usa-link--external" rel="noreferrer" > <img src="/img/linkedin-dark-ILbHB_Cgfp.svg" class="maxw-205 margin-right-1 " alt="" loading="lazy" decoding="async">LinkedIn</a> </li> </ul> </div> </div> </div> <div class="usa-identifier padding-top-2"> <section class="usa-identifier__section usa-identifier__section--masthead" aria-label="Agency identifier"> <div class="usa-identifier__container"> <div class="usa-identifier__logos"> <a href="https://www.gsa.gov/" class="usa-identifier__logo"> <img src="/img/gsa-logo-blue-YKGHyQURdg.svg" class="usa-identifier__logo-img" alt="gsa logo" loading="lazy" decoding="async"> </a> </div> <div class="usa-identifier__identity text-base-lightest"> <p class="usa-identifier__identity-domain">18f.gsa.gov</p> <p class="usa-identifier__identity-disclaimer text-base-lightest">An official website of the <a href="https://www.gsa.gov/about-us/organization/federal-acquisition-service/technology-transformation-services"> GSA’s Technology Transformation Services </a> </p> </div> </div> </section> <nav class="usa-identifier__section usa-identifier__section--required-links" aria-label="Important links"> <div class="usa-identifier__container"> <ul class="usa-identifier__required-links-list"> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/about" title="About GSA"> About GSA </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/website-information/accessibility-aids" title="View accessibility statement"> Accessibility support </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/reference/freedom-of-information-act-foia" title="Submit a Freedom of Information Act (FOIA) request"> FOIA requests </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/reference/civil-rights-programs/the-no-fear-act" title="View No FEAR Act data"> No FEAR Act data </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsaig.gov/" title="Office of the Inspector General"> Office of the Inspector General </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/reference/reports/budget-performance" title="View budget and performance reports"> Performance reports </a> </li> <li class="usa-identifier__required-links-item"> <a class="usa-identifier__required-link usa-link" href="https://www.gsa.gov/website-information/website-policies" title="Our privacy policy"> Privacy policy </a> </li> </ul> </div> </nav> <section class="usa-identifier__section usa-identifier__section--usagov" aria-label="U.S. government information and services"> <div class="usa-identifier__container"> <div class="usa-identifier__usagov-description text-base-lightest">Looking for U.S. government information and services?</div> <a href="https://www.usa.gov/" class="usa-link">Visit USA.gov</a> </div> </section> </div> </footer> <!-- Pull in USWDS and custom js --> <script async src="/assets/js/app-IYN3AA5J.js"></script> <!-- Digital Analytics Program roll-up, see https://analytics.usa.gov for data --> <script id="_fed_an_ua_tag" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=GSA&subagency=TTS,18F"></script> <!-- Google Analytics --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-HBYXWFP794"></script> <script> window.dataLayer = window.dataLayer || []; function gtag() { dataLayer.push(arguments); } gtag('js', new Date()); gtag('config', 'G-HBYXWFP794', { 'anonymize_ip': true }); </script> </body> </html>