The General Services Administration (GSA) has launched an effort with the Cybersecurity and Infrastructure Security Agency (CISA) to help government agencies ensure the safety of their .gov domains.
According to the DotGov program's website, the effort comes as part of the Trump administration's goal to have the HTTP Strict Transport Security (HSTS) function automatically enabled in government websites by September 1.
GSA will also work with government-affiliated civic organizations over the next few months to launch events in an effort to promote the benefits of preloading a secure .gov website.
“HTTPS is a key protection for websites and web users. It offers security and privacy when connecting to the web, and provides governments the assurance that what they publish is what is delivered to users,” GSA said.
“An additional protection, [HSTS], is a simple standard that protects visitors by ensuring that their browsers always enforce an HTTPS connection to a website. It also eliminates the ability to click through a certificate error–protecting users from attack.”
The agency is seeking feedback from agencies on challenges and potential solutions to domain security ahead of announcing a “ target preloading date at a future time.”
