Security Protocols to Protect Information

Requirement

All federal public websites* must comply with Section 207(f)(1)(b)(iv) of the E–Gov Act of 2002, which requires organizations to have security protocols to protect information.

E–Gov Act of 2002, Section 207(f)(1)(b)(iv)
Guidelines on Securing Public Web Servers—NIST (PDF, 1.28 MB, 142 pages, September 2007)
Requirements for Accepting Externally-Issued Identity Credentials - memo from Federal CIO to Executive Branch Agency CIOs (PDF, 166 KB, 4 pages, October 2011)

Examples

Science.gov, a cross–agency portal managed by multiple scientific agencies, offers an explanation about their computer security systems and the penalties for attempting to interfere with the security features of the site.
The Library of Congress provides a clearly written statement about security protections used to prevent unauthorized use of their website.
The Department of Education has a page on their website describing site security and intrusion detection.
The National Institute of Health's My NCBI portal gives users a variety of ways to sign in, including via Google, or using IDs from affiliated partner organizations.

*These requirements apply to executive departments and agencies and their public websites. Check the specific law to see if it also applies to the judicial or legislative agencies or to intranets.

Content Lead: Natalie Davidson
Page Reviewed/Updated: April 19, 2012

Toolbox

Download Plug-ins

Learn More

Webinar	Minimize IT Security Risks While Using Social Media