US To Go HTTPS for Government Websites
The U.S. government is requiring that by the end of 2016, all publicly accessible Federal websites and web services only provide service through a secure, Hypertext Transfer Protocol Secure (HTTPS) connection. The unencrypted HTTP protocol does not protect data from interception or alteration, which can subject users to eavesdropping, tracking, and the modification of received data. The majority of Federal websites use HTTP as the primary protocol to communicate over the public internet.
To address these concerns, many commercial organizations have adopted HTTPS or implemented HTTPS-only policies to protect visitors to their websites and services.
HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network. HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user.
Implementing an HTTPS-only standard does not come without a cost. However, the U.S. government affirms that tangible benefits to the American public outweigh the cost to the taxpayer.
U.S. CIO Tony Scott on Monday signed the mandate to deploy HTTPS and use HTTP Strict Transport Security (HSTS), a system that instructs a web browser to always connect to a website via HTTPS. That prevents a browser from being redirected to an insecure site.
"With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public," his office said in a statement.
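The HSTS mechanism described above is delivered as a `Strict-Transport-Security` response header, so a site's compliance can be checked by parsing that header. The following is an added example, not code from the mandate or the CIO's office: the function names, the one-year `max-age` threshold and the sample responses are assumptions constructed for illustration.

```python
import re

# One directive: name [ "=" value ], value optionally quoted (RFC 6797 section 6.1).
# Names are narrowed here to letters, digits and hyphens.
_DIRECTIVE = re.compile(r'([A-Za-z0-9-]+)(?:\s*=\s*("?)([^";]*)\2)?')
ONE_YEAR = 31536000  # assumed audit threshold, not a figure from the article

def parse_hsts(value):
    """Return the parsed policy, or None where a browser would ignore the header."""
    seen = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue  # empty directives are permitted
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the whole header
        seen[name] = m.group(3)
    age = seen.get("max-age")
    if not age or not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def audit(scheme, headers, min_age=ONE_YEAR):
    """List the HSTS findings for one response (URL scheme plus header dict)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no HSTS header"]
    if scheme != "https":
        return ["header sent over plain HTTP is ignored"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed header is ignored"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 deletes the stored policy")
    elif policy["max_age"] < min_age:
        findings.append("max-age below threshold")
    if not policy["include_subdomains"]:
        findings.append("subdomains not covered")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = [("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
               ("http", {"Strict-Transport-Security": "max-age=31536000"}),
               ("https", {"strict-transport-security": "max-age=0"})]
    for scheme, headers in samples:
        print(scheme, headers, "->", audit(scheme, headers) or "ok")
```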