{
    "version" : "https://jsonfeed.org/version/1",
    "content" : "resources",
    "type" : "single",
    "title" : "Required web content and links |Digital.gov",
    "description": "Required web content and links",
    "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/required-web-content-and-links/index.json","item" : [
    {"title" :"Required web content and links","deck" : "A list of required links that all federal websites need to have.","summary" : "Various policies require you to have certain content—or provide links to content—from specific places on your website.","date" : "2011-12-05T12:37:26-04:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"ndavidson" : "Natalie Davidson","rflagg" : "Rachel Flagg","jeremyzilar" : "Jeremy Zilar","toni-bonitto" : "Toni Bonitto"},"topics" : {
        
            "content-strategy" : "Content strategy",
            "content-strategy" : "Content strategy",
            "customer-experience" : "Customer experience",
            "governance" : "Governance",
            "user-experience" : "User experience"
            },"primary_image" : { "uid" : "website-wireframes-ademay-istock-getty-images-plus-1235556451", "alt" :
  "Website wireframes for a desktop computer design drawn on paper.", "width" :
  "4991", "height" :
  "3200", "credit" :
  "", "caption" :
  "AdemAY / iStock / Getty Images Plus", "format" :
  "jpg" },"branch" : "bc-archive-content-3",
      "filename" :"required-web-content-and-links.md",
      
      "filepath" :"resources/required-web-content-and-links.md",
      "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/resources/required-web-content-and-links.md",
      "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/resources/required-web-content-and-links.md","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/required-web-content-and-links/","weight" : "2","content" :"\u003cp\u003eIf you manage a public website in the federal government\u0026rsquo;s executive branch, various policies require you to have certain content—or provide links to content—from specific places on your website.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis page makes it clear:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ewhat links are required and the purpose they serve\u003c/li\u003e\n\u003cli\u003ethe text that you should use for each link\u003c/li\u003e\n\u003cli\u003ewhere the link should be located on your site\u003c/li\u003e\n\u003cli\u003ewhich law or policy requires those links\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe easiest way to implement these required links in a clear, user-friendly way is by using the two core \u003ca href=\"https://designsystem.digital.gov/\"\u003eU.S. Web Design System\u003c/a\u003e components:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://designsystem.digital.gov/components/banner/\"\u003ebanner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://designsystem.digital.gov/components/identifier/\"\u003eidentifier\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTogether, these two components are the most recognizable and standardized design elements of federal websites. Use the banner at the top to identify your site as an official federal government site. Use the identifier at the bottom to communicate the site’s parent agency and display the links required by federal laws and policies.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eQuestions?\u003c/strong\u003e send an email to \u003ca href=\"mailto:digitalgov@gsa.gov\"\u003edigitalgov@gsa.gov\u003c/a\u003e\u003c/p\u003e\n\n\n\n\u003carticle\n  class=\"dg-note \"\n\u003e\n  \u003ch4 class=\"dg-note__heading\"\u003e\n    \u003csvg\n      class=\"dg-note__icon usa-icon dg-icon dg-icon--large\"\n      aria-hidden=\"true\"\n      focusable=\"false\"\n    \u003e\n      \u003cuse xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#notifications\"\u003e\u003c/use\u003e\n    \u003c/svg\u003e\n    \n      Note\n    \n  \u003c/h4\u003e\n  \u003cp\u003e\u003cstrong\u003eSub-agency sites\u003c/strong\u003e are sites managed by or focused on a branch or division of a Department-level agency, such as the National Institutes of Health (NIH) website, \u003ca href=\"https://www.nih.gov\"\u003ewww.nih.gov\u003c/a\u003e, which is a sub-agency of the U.S. Department of Health and Human Services (HHS). The content is focused on the work of the agency.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eSecondary sites\u003c/strong\u003e are sites (including microsites) managed by a federal agency on a certain topic, such as the Federal Student Aid website, \u003ca href=\"https://www.studentaid.gov/\"\u003ewww.studentaid.gov\u003c/a\u003e, which is managed by the U.S. Department of Education. The content is focused on a program or topic, rather than the agency that runs the program.\u003c/p\u003e\n\n\u003c/article\u003e\n\n\u003chr\u003e\n\u003ch2 id=\"about-page\"\u003eAbout Page\u003c/h2\u003e\n\u003cp\u003eYou need to have an \u0026ldquo;About\u0026rdquo; page on your site.\u003c/p\u003e\n\u003cp\u003eOn your primary agency site, include information about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe agency’s strategic plan and annual performance plans\u003c/li\u003e\n\u003cli\u003ethe agency’s privacy policy page \u003cem\u003e(\u003ca href=\"#privacy-policy\"\u003emore on this below\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003ethe agency’s Small Business point of contact, as described by the Small Business Paperwork Relief Act of 2002\u003c/li\u003e\n\u003cli\u003ethe agency’s Open Government page\u003c/li\u003e\n\u003cli\u003ethe agency’s Plain Writing page\u003c/li\u003e\n\u003cli\u003einformation as required under the No Fear Act of 2002 \u003cem\u003e(\u003ca href=\"#equal-employment\"\u003emore on this below\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003einformation associated with the agency’s implementation of the Information Quality Act\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSecondary agency sites also need an \u0026ldquo;About\u0026rdquo; page that describes your site and links to your own website policies. It should also link to the primary agency\u0026rsquo;s \u0026ldquo;About\u0026rdquo; page.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eAbout\u003c/code\u003e or \u003ccode\u003eAbout us\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"about-us-links-should-appear-on\"\u003e\u0026lsquo;About us\u0026quot; links should appear on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour principal website\u003c/li\u003e\n\u003cli\u003eAny known sub-agency site\u003c/li\u003e\n\u003cli\u003eAny known major entry points to your sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about what content helps provide your users with clear, contextualized digital experiences in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003ch2 id=\"accessibility-statement\"\u003eAccessibility Statement\u003c/h2\u003e\n\u003cp\u003eFederal agencies must:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edevelop an accessibility statement,\u003c/li\u003e\n\u003cli\u003eadd it as an “Accessibility” page on the agency’s main website and provide a link to it,\u003c/li\u003e\n\u003cli\u003elink to it on all secondary public-facing websites, and\u003c/li\u003e\n\u003cli\u003elink to it on the agency’s Intranet website.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe accessibility statement should, at a minimum, include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003econtact information for the agency Section 508 program,\u003c/li\u003e\n\u003cli\u003edate of the last update, and\u003c/li\u003e\n\u003cli\u003ethe ability for website visitors to provide comments and/or feedback regarding the agency Section 508 program.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSample and best-in-practice accessibility statements can be found at \u003ca href=\"https://www.section508.gov\"\u003eSection508.gov\u003c/a\u003e on the pages for \u003ca href=\"https://www.section508.gov/manage/laws-and-policies/#accessibility-statements\"\u003eIT Accessibility Laws and Policies\u003c/a\u003e, and \u003ca href=\"https://www.section508.gov/manage/playbooks/exec-guide-accessibility/#policy\"\u003eExecutive Guide to Federal IT Accessibility\u003c/a\u003e.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eAccessibility\u003c/code\u003e or \u003ccode\u003eAccessibility statement\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eAll agency websites, internal and external.\u003c/li\u003e\n\u003cli\u003eSecondary sites can link to the accessibility statement on the domain website.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about what content helps provide your users with accessible digital experiences in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e and the \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/procurement/memo/strategic-plan-508-compliance.pdf\"\u003eOMB Memorandum: Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/a\u003e (PDF, 212 kb, 13 pages, January 2013).\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003ch2 id=\"budget-and-performance-reports\"\u003eBudget and Performance Reports\u003c/h2\u003e\n\u003cp\u003eAgencies are required to have a page on their website that has the following information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStrategic plan\u003c/li\u003e\n\u003cli\u003eAnnual performance plan (APP) and Annual performance report (APR)\u003c/li\u003e\n\u003cli\u003eAnnual financial statements\u003c/li\u003e\n\u003cli\u003eGAO high-risk improvement plans with status of implementation (if not included in APP and APR)\u003c/li\u003e\n\u003cli\u003eInspector General audits and investigative reports, and a method to report evidences of waste, fraud, or abuse to the Inspector General\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eBudget and Performance\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eThe homepage of your agency\u0026rsquo;s principal website\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about  transparency around budgeting and performance reoports in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e and \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003eOMB Circular A-11\u003c/a\u003e, Part 6.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-1\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003eOMB Circular A-11, Part 6, Section 210.6\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-1\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003cp\u003e\u003cstrong\u003ePart 6, Section 210 | PUBLIC REPORTING AND PERFORMANCE.GOV\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e210.6 How are agency-specific plans and reports made available to the public on the agency’s website?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eTo enhance transparency of performance data, all Federal \u003cspan class=\"highlight-text\"\u003eagencies should make information, including prior plans and reports, as easy as possible to locate from the agency’s individual website\u003c/span\u003e (e.g., \u003ca href=\"https://www.usda.gov\"\u003ewww.usda.gov\u003c/a\u003e). Federal Agencies must also provide a hyperlink on Performance.gov to the agency’s public website (e.g., \u003ca href=\"https://www.usda.gov/our-agency/about-usda/performance\"\u003ehttps://www.usda.gov/our-agency/about-usda/performance\u003c/a\u003e) where the agency has published current and past performance plans and reports. In adherence to OMB Memorandum M-17-06, agencies must create a prominent link directly to their performance plans and reports from their “About Agency” or “About Us” page, which is directly off of the agency’s homepage.\u003c/p\u003e\n\u003cp\u003eAgencies may also want to create links from this page to other planning and performance reporting documents, such as the human capital operating plans, information resources management plans, Agency Financial Reports or Performance and Accountability Reports, Congressional Budget Justifications, and other acquisition or capital asset management plans where those other documents are publicly available and relevant to performance on strategic objectives. Agency performance planning and reporting documents available on the agency website should be consistent with Administration policies and not include predecisional information.\u003c/p\u003e\n\u003cp\u003eWhen developing performance information for publication, agencies should be open, transparent, and accountable for results of progress against stated performance goals and objectives, publishing information online consistent with the Federal Records Act, privacy and security restrictions, and other applicable law and policy including \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eOMB Circular A-130\u003c/a\u003e, Managing Information as a Strategic Resource. It is important that agencies communicate relevant, reliable, and timely performance information within and outside their organizations to improve performance outcomes and operational efficiency.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eMachine-readable\u003c/strong\u003e. Consistent with the GPRA Modernization Act of 2010, information published through Performance.gov will be made available to the public in a machine-readable format. See section 240 for additional information on an initiative to make agency performance plans and reports ‘machine readable’ with the 2021 Budget and Performance Planning / Reporting cycle.\u003c/p\u003e\n\u003ca\n        class=\"src\"\n        href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003ch2 id=\"equal-employment\"\u003eEqual Employment\u003c/h2\u003e\n\u003cp\u003eAll federal public websites must comply with the existing No Fear Act Notification and Federal Employee Anti-Discrimination and Retaliation of 2002 (No Fear Act) Public Law No. 107-174). Organizations should review the relevant law to ensure that their public websites meet the full range of requirements.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eNo FEAR Act Data\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eThe homepage of your agency\u0026rsquo;s principal website\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5 id=\"required-by\"\u003eRequired by:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.govinfo.gov/content/pkg/FR-2006-08-02/html/E6-12432.htm\"\u003eFinal rule issued by the Equal Employment Opportunity Commission\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-2\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003eFinal rule issued by the Equal Employment Opportunity Commission\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-2\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003cp\u003e\u003cstrong\u003eLink Location, Link Name, Search Engines and URLs\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSection 1614.703(d) of the interim rule requires an agency to title its posted EEO information \u003cem\u003eEqual Employment Opportunity Data Posted Pursuant to the No Fear Act\u003c/em\u003e. \u003cspan class=\"highlight-text\"\u003eThis section further requires an agency to prominently place a hyperlink to the data on the homepage of its public Web site.\u003c/span\u003e There was some objection both to the location of the hyperlink and its name.\u003c/p\u003e\n\u003cp\u003eAs for the location, agencies argue that their homepages already are well populated with hyperlinks which primarily are mission-specific. Adding another hyperlink, thereby producing crowding, may in fact be counter-productive. Moreover, many people visiting an agency Web site do so through hyperlinks from other non-agency Web sites or search engines that bypass an agency\u0026rsquo;s homepage. Some agencies allow internet users to compose a personal homepage, which again bypasses the agency\u0026rsquo;s standard homepage. For these and other reasons, the agencies that commented uniformly were of the opinion that a hyperlink on an agency\u0026rsquo;s homepage is not the best way to ensure the public\u0026rsquo;s assess to an agency\u0026rsquo;s posted EEO data. \u003cspan class=\"highlight-text\"\u003eThese agencies therefore suggested that each agency decide itself where to place its EEO data and hyperlinks to that data since each agency best knows where a target audience goes to look for certain information. A number of agencies offered suggestions where the hyperlink would be better placed, such as on the “About the Agency” or “Working for the Agency/Employment” pages.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003eThe Commission is concerned that without a uniform hyperlink location members of the public seeking EEO data from more than one agency will have trouble finding the data. If one agency\u0026rsquo;s hyperlink is on the \u0026ldquo;About the Agency\u0026rdquo; page, another\u0026rsquo;s is on the \u0026ldquo;Employment Opportunities\u0026rdquo; page, another\u0026rsquo;s is on a page entitled \u0026ldquo;Civil Rights\u0026rdquo;, and another\u0026rsquo;s is on the homepage, locating the data for multiple agencies could well end up as an exercise in trial and error. Even assuming that the homepage is not the best or most intuitive location for the hyperlink, EEOC is convinced that it would not be in the public interest to allow each agency to decide where on its Web site it will place the hyperlink. Thus, if not the homepage, EEOC must dictate another uniform location. The problem is that there are no other locations common to all agency public Web sites. Agencies do not label their \u0026ldquo;About the Agency\u0026rdquo; and \u0026ldquo;Employment\u0026rdquo; pages identically. Not every agency has an Employment Opportunities page. Thus, there is no way to standardize through a rule an alternative location for the link. This leaves only the homepage as the one Web page all agencies possess in common, and therefore it is the homepage which shall house the link.\u003c/p\u003e\n\u003cp\u003eRegarding the title of the hyperlink, EEOC agrees that it is too wordy. EEOC, however, does not agree that the label \u0026ldquo;No FEAR\u0026rdquo; will be widely misunderstood by members of the public. On the contrary, the term \u0026ldquo;No FEAR Act\u0026rdquo; has attained familiarity among employees and those involved in EEO matters. Accordingly, \u003cspan class=\"highlight-text\"\u003ethe final rule provides that the hyperlink shall be called “No FEAR Act Data”\u003c/span\u003e. However, agencies will be required to title the page where its data appears as follows:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026ldquo;Equal Employment Opportunity Data Posted Pursuant to Title III of the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act), Pub. L. 107-174.\u0026rdquo;\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eIn furtherance of making every agency\u0026rsquo;s No FEAR Act data easily accessible, it was suggested that agencies maintain their posted data so that it is readily retrievable by commercial search engines. EEOC agrees and has added a subsection setting forth this requirement.\u003c/p\u003e\n\u003cp\u003eFinally, some commenters suggested that each agency provide EEOC with the hyperlink to its No FEAR data and that EEOC post the agency hyperlinks in one location on EEOC\u0026rsquo;s public Web site. EEOC has decided to adopt this suggestion. Therefore, the final rule contains the requirement that an agency provide EEOC with the URL for the location of its No FEAR data and provide URL updates as necessary. Agencies can e-mail their URLs to EEOC at \u003ca href=\"mailto:NoFEAR.URLS@eeoc.gov\"\u003eNoFEAR.URLS@eeoc.gov\u003c/a\u003e.\u003c/p\u003e\n\u003ca\n        class=\"src\"\n        href=\"https://www.govinfo.gov/content/pkg/FR-2006-08-02/html/E6-12432.htm\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003ch2 id=\"external-links\"\u003eExternal Links\u003c/h2\u003e\n\u003cp\u003eAgencies must clearly identify external links from their websites. Agency websites must clearly state that the content of external links to non-federal agency websites is not endorsed by the federal government and is not subject to federal information quality, privacy, security, and related guidelines.\u003c/p\u003e\n\u003cp\u003eAny link that is not a federal \u003ccode\u003e.gov\u003c/code\u003e or \u003ccode\u003e.mil\u003c/code\u003e website is considered an external link.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003eAgencies should choose the best approach to identify external links to users in a way that minimizes the impact on the usability of their websites and digital services\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour principal website\u003c/li\u003e\n\u003cli\u003eAny known sub-agency site\u003c/li\u003e\n\u003cli\u003eAny known major entry points to your sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about what links provide your users with clear, trustworthy digital experiences in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003ch2 id=\"freedom-of-information-act-foia\"\u003eFreedom of Information Act (FOIA)\u003c/h2\u003e\n\u003cp\u003eAll federal public websites must comply with existing laws and directives that relate to the Freedom of Information Act (FOIA).\u003c/p\u003e\n\u003cp\u003eThere are two requirements that all federal public websites must have:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eA page that includes \u003ca href=\"https://www.justice.gov/oip/blog/foia-update-oip-guidance-electronic-foia-amendments-implementation-guidance-outline\"\u003ecertain content as required by the FOIA\u003c/a\u003e that includes information about how the public can request information under the Freedom of Information Act (FOIA). This page us usually located on the agency’s principal website.\u003c/li\u003e\n\u003cli\u003eA link to this page needs to be on the agency’s principal website and on any known sub-agency or other major entry points.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eOrganizations should review the FOIA and implementation guidance to ensure that their public websites meet the full range of requirements.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eFOIA\u003c/code\u003e or \u003ccode\u003eFreedom of Information Act\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour principal website\u003c/li\u003e\n\u003cli\u003eAny known sub-agency site\u003c/li\u003e\n\u003cli\u003eAny known major entry points to your sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about what content helps provide your users with necessary information in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003ch2 id=\"government-customer-support\"\u003eGovernment Customer Support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://usa.gov\"\u003e\u003cstrong\u003eUSA.gov\u003c/strong\u003e\u003c/a\u003e is the official web portal for the U.S. government.\u003c/p\u003e\n\u003cp\u003eWhen you link to USA.gov, please do it in an appropriate context as a service to your customers when they need to find official U.S. government information and services.\u003c/p\u003e\n\u003cp\u003eWe also encourage you to link to \u003ca href=\"https://www.usa.gov/espanol/\"\u003eUSAGov en Español\u003c/a\u003e, the official Spanish language web portal of the U.S. government.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.usa.gov/link-to-us\"\u003eLearn more about linking to USA.gov »\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eHave a question about government services? Contact USA.gov\u003c/code\u003e\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"background-color:#fff;-moz-tab-size:2;-o-tab-size:2;tab-size:2;\"\u003e\u003ccode class=\"language-html\" data-lang=\"html\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#888\"\u003e\u0026lt;\u003c/span\u003e\u003cspan style=\"color:#2838b0\"\u003ea\u003c/span\u003e \u003cspan style=\"color:#388038\"\u003ehref\u003c/span\u003e\u003cspan style=\"color:#666\"\u003e=\u003c/span\u003e\u003cspan style=\"color:#b83838\"\u003e\u0026#34;https://www.usa.gov/\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#388038\"\u003etitle\u003c/span\u003e\u003cspan style=\"color:#666\"\u003e=\u003c/span\u003e\u003cspan style=\"color:#b83838\"\u003e\u0026#34;Contact USA.gov\u0026#34;\u003c/span\u003e\u003cspan style=\"color:#888\"\u003e\u0026gt;\u003c/span\u003eContact USA.gov\u003cspan style=\"color:#888\"\u003e\u0026lt;/\u003c/span\u003e\u003cspan style=\"color:#2838b0\"\u003ea\u003c/span\u003e\u003cspan style=\"color:#888\"\u003e\u0026gt;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour principal website\u003c/li\u003e\n\u003cli\u003eAny known sub-agency site\u003c/li\u003e\n\u003cli\u003eAny known major entry points to your sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about providing straightforward customer support in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003ch2 id=\"privacy-policy\"\u003ePrivacy Policy\u003c/h2\u003e\n\u003cp\u003eAll federal public websites must comply with existing laws and directives that address the need to protect the privacy of the American people when they interact with their government. Some of the key requirements for federal public websites include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eConducting privacy impact assessments;\u003c/li\u003e\n\u003cli\u003ePosting privacy policies on each website, including instructions on how to \u0026ldquo;\u003ca href=\"http://www.usa.gov/optout_instructions.shtml\"\u003eopt-out\u003c/a\u003e\u0026rdquo; of any web tracking and measurement technologies the agency may use;\u003c/li\u003e\n\u003cli\u003ePosting a “Privacy Act Statement” that tells visitors the organization’s legal authority for collecting personal data and how the data will be used; and\u003c/li\u003e\n\u003cli\u003eTranslating privacy policies into a standardized machine-readable format.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003ePrivacy Policy\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour principal website\u003c/li\u003e\n\u003cli\u003eAny known sub-agency site\u003c/li\u003e\n\u003cli\u003eAny known major entry points to your sites\u003c/li\u003e\n\u003cli\u003eAny web page that collects substantial information in identifiable form\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLearn more about what content helps provide your users with clear, contextualized digital experiences in \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003eRequirements for delivering a digital-first public experience\u003c/a\u003e and in \u003ca href=\"https://digital.gov/resources/guidance-for-implementing-the-privacy-provisions-of-the-e-government-act-of-2002-m-03-22/\"\u003eOMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e \u003cem\u003e(See Attachment A, Section III, Privacy Policies on Agency Websites)\u003c/em\u003e\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-3\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003e\u003cstrong\u003eOMB M-03-22:\u003c/strong\u003e Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-3\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003cp\u003e\u003cstrong\u003eIII. Privacy Policies on Agency Websites\u003c/strong\u003e\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003ePrivacy Policy Clarification\u003c/em\u003e. To promote clarity to the public, agencies are required to refer to their general web site notices explaining agency information handling practices as the \u0026ldquo;Privacy Policy.\u0026rdquo;\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eEffective Date\u003c/em\u003e. Agencies are expected to implement the following changes to their websites by December 15, 2003.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eExclusions\u003c/em\u003e: For purposes of web privacy policies, this guidance does not apply to:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003einformation other than \u0026ldquo;government information\u0026rdquo; as defined in \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a130_a130trans4/\"\u003eOMB Circular A-130\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003eagency intranet web sites that are accessible only by authorized government users (employees, contractors, consultants, fellows, grantees);\u003c/li\u003e\n\u003cli\u003enational security systems defined at 40 U.S.C. 11103 as exempt from the definition of information technology (see section 202(i) of the E-government Act).\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eContent of Privacy Policies\u003c/em\u003e.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eAgency Privacy Policies must comply with guidance issued in OMB \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003eMemorandum 99-18\u003c/a\u003e and must now also include the following two new content areas:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eConsent to collection and sharing\u003c/em\u003e \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#15\"\u003e15\u003c/a\u003e\u003c/sup\u003e. Agencies must now ensure that privacy policies:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003einform visitors whenever providing requested information is voluntary;\u003c/li\u003e\n\u003cli\u003einform visitors how to grant consent for use of voluntarily-provided information; and\u003c/li\u003e\n\u003cli\u003einform visitors how to grant consent to use mandatorily-provided information for other than statutorily-mandated uses or authorized routine uses under the Privacy Act.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eRights under the Privacy Act or other privacy laws\u003c/em\u003e \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#16\"\u003e16\u003c/a\u003e\u003c/sup\u003e. Agencies must now also notify web-site visitors of their rights under the Privacy Act or other privacy-protecting laws that may primarily apply to specific agencies (such as the Health Insurance Portability and Accountability Act of 1996, the IRS Restructuring and Reform Act of 1998, or the Family Education Rights and Privacy Act):\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003ein the body of the web privacy policy;\u003c/li\u003e\n\u003cli\u003evia link to the applicable agency regulation (e.g., Privacy Act regulation and pertinent system notice); or\u003c/li\u003e\n\u003cli\u003evia link to other official summary of statutory rights (such as the summary of Privacy Act rights in the FOIA/Privacy Act Reference Materials posted by the Federal Consumer Information Center at \u003ca href=\"http://www.firstgov.gov/\"\u003ewww.Firstgov.gov\u003c/a\u003e).\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAgency Privacy Policies must continue to address the following, modified, requirements:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eNature, purpose, use and sharing of information collected. Agencies should follow existing policies (issued in \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003eOMB Memorandum 99-18\u003c/a\u003e) concerning notice of the nature, purpose, use and sharing of information collected via the Internet, as modified below:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003ePrivacy Act information\u003c/em\u003e. When agencies collect information subject to the Privacy Act, agencies are directed to explain what portion of the information is maintained and retrieved by name or personal identifier in a Privacy Act system of records and provide a Privacy Act Statement either:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eat the point of collection, or\u003c/li\u003e\n\u003cli\u003evia link to the agency’s general Privacy Policy \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#18\"\u003e18\u003c/a\u003e\u003c/sup\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003e\u0026ldquo;Privacy Act Statements\u0026rdquo;\u003c/em\u003e. Privacy Act Statements must notify users of the authority for and purpose and use of the collection of information subject to the Privacy Act, whether providing the information is mandatory or voluntary, and the effects of not providing all or any part of the requested information.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eAutomatically Collected Information (site management data)\u003c/em\u003e. Agency Privacy Policies must specify what information the agency collects automatically (i.e., user’s IP address, location, and time of visit) and identify the use for which it is collected (i.e., site management or security purposes).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eInteraction with children\u003c/em\u003e: Agencies that provide content to children under 13 and that collect personally identifiable information from these visitors should incorporate the requirements of the Children’s Online Privacy Protection Act (\u0026ldquo;COPPA\u0026rdquo;) into their Privacy Policies (see Attachment C) \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#19\"\u003e19\u003c/a\u003e\u003c/sup\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eTracking and customization activities\u003c/em\u003e. Agencies are directed to adhere to the following modifications to \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003eOMB Memorandum 00-13\u003c/a\u003e and the OMB follow-up guidance letter dated \u003ca href=\"https://obamawhitehouse.archives.gov/omb/inforeg_cookies_letter90500/\"\u003eSeptember 5, 2000\u003c/a\u003e:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eTracking technology prohibitions\u003c/em\u003e:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eagencies are prohibited from using persistent cookies or any other means (e.g., web beacons) to track visitors’ activity on the Internet except as provided in subsection (b) below;\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eagency heads may approve, or may authorize the heads of sub-agencies or senior official(s) reporting directly to the agency head to approve, the use of persistent tracking technology for a compelling need. When used, agency’s must post clear notice in the agency’s privacy policy of:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe nature of the information collected;\u003c/li\u003e\n\u003cli\u003ethe purpose and use for the information;\u003c/li\u003e\n\u003cli\u003ewhether and to whom the information will be disclosed; and\u003c/li\u003e\n\u003cli\u003ethe privacy safeguards applied to the information collected.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eagencies must report the use of persistent tracking technologies as authorized for use by subsection b. above (see section VII) \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#20\"\u003e20\u003c/a\u003e\u003c/sup\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eThe following technologies are not prohibited:\u003c/em\u003e\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eTechnology that is used to facilitate a visitor’s activity within a single session (e.g., a \u0026ldquo;session cookie\u0026rdquo;) and does not persist over time is not subject to the prohibition on the use of tracking technology.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCustomization technology (to customize a website at the visitor’s request) if approved by the agency head or designee for use (see v.1.b above) and where the following is posted in the Agency’s Privacy Policy:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe purpose of the tracking (i.e., customization of the site);\u003c/li\u003e\n\u003cli\u003ethat accepting the customizing feature is voluntary;\u003c/li\u003e\n\u003cli\u003ethat declining the feature still permits the individual to use the site; and\u003c/li\u003e\n\u003cli\u003ethe privacy safeguards in place for handling the information collected.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAgency use of password access to information that does not involve \u0026ldquo;persistent cookies\u0026rdquo; or similar technology.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eLaw enforcement and homeland security sharing\u003c/em\u003e: Consistent with current practice, Internet privacy policies may reflect that collected information may be shared and protected as necessary for authorized law enforcement, homeland security and national security activities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eSecurity of the information\u003c/em\u003e \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#21\"\u003e21\u003c/a\u003e\u003c/sup\u003e. Agencies should continue to comply with existing requirements for computer security in administering their websites \u003csup\u003e\u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_m03-22/#22\"\u003e22\u003c/a\u003e\u003c/sup\u003e and post the following information in their Privacy Policy:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003ein clear language, information about management, operational and technical controls ensuring the security and confidentiality of personally identifiable records (e.g., access controls, data storage procedures, periodic testing of safeguards, etc.), and\u003c/li\u003e\n\u003cli\u003ein general terms, information about any additional safeguards used to identify and prevent unauthorized attempts to access or cause harm to information and systems. (The statement should be at a level to inform the public that their information is being protected while not compromising security.)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003ePlacement of notices\u003c/em\u003e. Agencies should continue to follow the policy identified in \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003eOMB Memorandum 99-18\u003c/a\u003e regarding the posting of privacy policies on their websites. Specifically, \u003cspan class=\"highlight-text\"\u003eagencies must post (or link to) privacy policies at:\u003c/span\u003e\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cspan class=\"highlight-text\"\u003etheir principal web site;\u003c/span\u003e\u003c/li\u003e\n\u003cli\u003e\u003cspan class=\"highlight-text\"\u003eany known, major entry points to their sites;\u003c/span\u003e\u003c/li\u003e\n\u003cli\u003e\u003cspan class=\"highlight-text\"\u003eany web page that collects substantial information in identifiable form.\u003c/span\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eClarity of notices\u003c/em\u003e\u003c/strong\u003e. Consistent with \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003eOMB Memorandum 99-18\u003c/a\u003e, privacy policies must be:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eclearly labeled and easily accessed;\u003c/li\u003e\n\u003cli\u003ewritten in plain language; and\u003c/li\u003e\n\u003cli\u003emade clear and easy to understand, whether by integrating all information and statements into a single posting, by layering a short \u0026ldquo;highlights\u0026rdquo; notice linked to full explanation, or by other means the agency determines is effective.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ca\n        class=\"src\"\n        href=\"https://digital.gov/resources/guidance-for-implementing-the-privacy-provisions-of-the-e-government-act-of-2002-m-03-22/\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003ch2 id=\"report-fraud-to-the-inspector-general\"\u003eReport Fraud to the Inspector General\u003c/h2\u003e\n\u003cp\u003eA method for reporting evidence of waste, fraud, or abuse to the Inspector General, and linking to Inspector General audits and investigative reports.\u003c/p\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eOffice of the Inspector General\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eHomepage of each executive department, agency, and commission\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5 id=\"required-by\"\u003eRequired by:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.gpo.gov/fdsys/pkg/PLAW-110publ161/html/PLAW-110publ161.htm\"\u003eConsolidated Appropriations Act\u003c/a\u003e for FY 2008, Division D, Title VI, Section 534\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-4\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003eConsolidated Appropriations Act\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-4\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003cp\u003e\u003cstrong\u003eSec. 534.\u003c/strong\u003e (NOTE: 5 USC app. 6 note.) \u003cspan class=\"highlight-text\"\u003eThe departments, agencies, and commissions funded under this Act, shall establish and maintain on the homepages of their Internet websites\u003c/span\u003e\u0026ndash;\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cspan class=\"highlight-text\"\u003e(1) a direct link to the Internet websites of their Offices of Inspectors General\u003c/span\u003e; and\u003c/li\u003e\n\u003cli\u003e(2) a mechanism on the Offices of Inspectors General website by which individuals may anonymously report cases of waste, fraud, or abuse with respect to those Departments, agencies, and commissions.\u003c/li\u003e\n\u003c/ul\u003e\u003ca\n        class=\"src\"\n        href=\"https://www.gpo.gov/fdsys/pkg/PLAW-110publ161/html/PLAW-110publ161.htm\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003ch2 id=\"security\"\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAgencies must have a way for the public to report potential security vulnerabilities, and explain how the agency will respond to such reports.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure your site\u0026rsquo;s Security Contact and Organization are current in the \u003ca href=\"https://domains.dotgov.gov/\"\u003e.gov registrar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePublish a vulnerability disclosure policy at [agency].gov/vulnerability-disclosure-policy\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"box \"\u003e\n  \u003ch5 id=\"suggested-link-text\"\u003eSuggested link text:\u003c/h5\u003e\n\u003cp\u003e\u003ccode\u003eVulnerability Disclosure Policy\u003c/code\u003e\u003c/p\u003e\n\u003ch5 id=\"required-on\"\u003eRequired on:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eYour website policies page\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5 id=\"required-by\"\u003eRequired by:\u003c/h5\u003e\n\u003cul\u003e\n\u003cli\u003eDepartment of Homeland Security (DHS) Binding Operational Directive 20-01\u003c/li\u003e\n\u003cli\u003eOMB M-20-32, Improving Vulnerability Identification, Management, and Remediation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-5\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003eDHS Binding Operational Directive 20-01\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-5\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003ca\n        class=\"src\"\n        href=\"https://cyber.dhs.gov/bod/20-01/#required-actions\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003cdiv class=\"usa-accordion card-policy\"\u003e\u003ch3 class=\"usa-accordion__heading\"\u003e\n    \u003cbutton\n      class=\"usa-accordion__button\"\n      title=\"View \"\n      aria-expanded=\"false\"\n      aria-controls=\"card-policy-6\"\n    \u003e\n      \u003cspan class=\"scroll\"\u003e\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--large margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#unfold_more\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/span\u003e\n      \u003cspan class=\"src\"\u003e\n        \u003cstrong class=\"kicker\"\u003ePolicy\u003c/strong\u003eOMB M-20-32, Improving Vulnerability Identification, Management, and Remediation\n        \u003c/span\n      \u003e\n    \u003c/button\u003e\n  \u003c/h3\u003e\u003cdiv\n      id=\"card-policy-6\"\n      class=\"card-policy-body usa-accordion__content usa-prose\"\n    \u003e\u003ca\n        class=\"src\"\n        href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\n        title=\"View \"\n      \u003e\n        View the full legislation\n        \u003csvg\n          class=\"usa-icon dg-icon dg-icon--standard margin-bottom-05\"\n          aria-hidden=\"true\"\n          focusable=\"false\"\n        \u003e\n          \u003cuse\n            xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#arrow_forward\"\n          \u003e\u003c/use\u003e\n        \u003c/svg\u003e\n      \u003c/a\u003e\n    \u003c/div\u003e\u003c/div\u003e\n\n\u003chr\u003e\n\u003cp\u003e\u003cem\u003eThese requirements apply to executive branch departments and agencies and their public websites. Check the specific law or policy to see if it also applies to the judicial or legislative agencies, or intranets.\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003cstrong\u003eThe Federal Web Managers Council\u003c/strong\u003e recommends that government agencies use consistent link labels for common content found on government websites. These recommendations are based on industry standard link labels and a usability study of common government terms \u003ca href=\"http://www.slideshare.net/DigitalGov/icgi-content-standards-usability-test-results\" title=\"ICGI Content Standards: Usability Test Results, Content Managers’ Forum, July 15, 2004\"\u003eusability study of common government terms\u003c/a\u003e (MS PowerPoint presentation, 144 KB, 49 slides, July 2004).\u003c/em\u003e\u003c/p\u003e\n"}
  ]
}