 |
Page History
...
On June 8th 2015, the White House issued policy that all publicly accessible government websites and web services only provide service through a secure connection by December 31, 2016. This policy applies to publicly accessible websites and web services ‘that that 'are maintained in whole or in part by the Federal Government and operated by an agency, contractor, or other organization on behalf of the agency’agency.’ All web browsing should be conducted using https only, secured via Transport Layer Security (TLS) encryption. This requires use of TLS/SSL certificates for web sites and web services.
The use of HTTPS is encouraged on intranets, but is not explicitly required. Newly developed websites and services at all Federal agency domains or sub-domains must adhere to the White House issued policy.
Details can be found at https://wwwobamawhitehouse.whitehousearchives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf. (link is external)
Servers should be configured to support:
...
If you choose to obtain a certificate from a commercial vendor, NCI will approve certificate requests on the NCI domain names for legitimate and verified contractors. NCI contractors have had success obtaining commercially-provided TLS/SSL certificates on the nci.nih.gov and cancer.gov domains from the following vendors: Digicert, Godaddy, and Comodo. It is not a requirement to use a particular certificate vendor; we only listed those vendors with whom we have had recent experience.Contractors should allow sufficient lead time for certificate request validation and approval.
...
with your company name, company contact name, phone number and email address, the NCI contract project manager, the requested URL DNS name (e.g. newsiteThisNewNCIwebsite.nci.nih.govgov ) and the certificate provider you plan to use so we can notify the federal domain owner that a request is forthcoming.
...
