The White House today launched a new HTTPS-everywhere initiative, requiring all US Government web sites to only provide access via SSL-secured connections:
Today, the White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive, requiring that all publicly accessible Federal websites and web services only provide service through a secure HTTPS connection.
Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services. This data can include browser identity, website content, search terms, and other user-submitted information. To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services. Today’s action will deliver that same protection to users of Federal websites and services.
Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.
It is nice to finally see the US government joining the HTTPS party. While a little late to the game, it is better late than never even if it will take up to December 2016 to migrate all publicly accessible governmental services to SSL.