Checklist of requirements for federal websites and digital services
Note
You should regularly review your agency’s websites and other digital products and services to ensure they comply with all relevant laws, policies, and regulations.
Overarching policies
These high-level policies cover basic requirements for all websites and digital services. Use this Requirements and Go-Live Checklist for Federal Public Websites and Digital Services (Excel spreadsheet, 59.4KB, 13 tabs) to ensure you’ve addressed all critical requirements. If you have difficulty viewing this file, please reach out to us.
- 21st Century Integrated Digital Experience Act (21st Century IDEA), including the required website standards, December 2018
- OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (PDF, 1.2 MB, 18 pages, November 2016)
- OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016)
- Digital Government Strategy (May 2012)
- E-Government Act of 2002, Section 207
- See our list of Required Web Content and Links
Accessibility and Section 508
Ensure access for people with disabilities, including motor, auditory, cognitive, seizure/neurological, and visual impairments; ensure content is “perceivable, operable, understandable, and robust.” Teach staff how to create accessible products, and conduct accessibility testing before launching, or when making significant changes to, digital products and services.
- Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. § 794(d))
- Information and Communication Technology (ICT) Accessibility 508 Standards
- Required Link - Accessibility Statement
- Overview of Section 508 and related laws
- Governmentwide Section 508 Strategic Plan (2013)
Analytics
Understand customer needs, set performance standards, collect and address customer feedback, and use data to continuously improve your programs.
- Implementing Performance and Customer Satisfaction Tools (OMB guidance accessible to federal employees on the OMB MAX wiki)
- OMB M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (PDF, 102 kb, 9 pages, June 2010)
- OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (PDF, 1.2 MB, 18 pages, November 2016)
- See our guide for the Digital Analytics Program (DAP), a free analytics tool for measuring digital services in the federal government (use is required by M-17-06).
Coordination during incidents of national significance
Federal websites must provide timely and accurate information during incidents of national significance. During such incidents, the Department of Homeland Security has the authority to coordinate all U.S. government communications to ensure consistent public information through an integrated federal incident communications system. Coordinate emergency response-related web communications with your Federal Web Council representative.
- Emergency Support Function 15 (ESF-15 - Public Affairs – Annex R) of the National Response Framework
Copyright
Inform the public about your policies on digital rights, copyrights, trademarks, and patents. If your organization uses or duplicates private sector information, protect the property rights of the source. (These protections apply to any material posted to federal public websites, such as documents, graphics, or audio files.)
- Copyright Law
- U.S. Trademark Law (PDF, 1.5 MB, 260 pages, March 2010)
- U.S. Patent Law, U.S. Code 35, Chapter 26
- U.S. Copyright Office
Customer experience
Understand the needs of your customers, collect and address customer feedback, and use data and feedback to continuously improve your programs. Ensure that information collected from the public minimizes burden and maximizes public utility. Use social media and other third-party platforms to listen to and serve customers. Secure OMB approval before collecting information from the public (surveys, forms, etc.), and include the OMB control number on the collection. Enable digital interactions with the public and deliver services via your customers’ channel of choice.
- Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government
- FACT SHEET: Putting the Public First: Improving Customer Experience and Service Delivery for the American People
- OMB Circular A-11 Section 280, Managing Customer Experience and Improving Service Delivery (PDF, 385 KB, 14 pages, August 2023)
- See all Government Customer Service Policies and Requirements
- New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (June 15, 2011) (PDF, 196 kb, 4 pages)
Design
Use the U.S. Web Design System (USWDS) to deliver a great digital experience by integrating design principles, following user experience guidance, and using USWDS code.
Follow current government design standards when creating new websites or making significant changes to existing websites.
- Website standards, as defined in 21st Century IDEA
Domains
Federal executive branch agency websites must use only .gov or .mil domains unless the agency head explicitly determines another domain is necessary for the proper performance of an agency function (this is rare). Coordinate with your agency CIO to request a new .gov domain. Clearly display the name of your agency on every page of the website.
- OMB M-23-10, The Registration and Use of .gov Domains in the Federal Government (PDF, 96 kb, 3 pages, February 2023); guidance to Federal agencies on the acceptable use and registration of Internet domain names
- GOV Domain Name Registration Service – request a new .gov domain
- DOTGOV Online Trust in Government Act of 2020 authorizes CISA to manage the .gov registration process
Freedom of Information Act (FOIA)
Include all required FOIA content and links.
- Freedom of Information Act (FOIA)
- Memo to Agency Heads with updated guidance on implementing the Freedom of Information Act (March 19, 2009) (PDF, 1 MB, 3 pages, March 2009) - If release is discretionary, disclosure is the default unless the agency can show that a protected interest would be harmed
- Agency FOIA Websites 2.0
- FOIA.gov Frequently Asked Questions
- Methods Agencies Use to Prepare Documents for Posting on Agency FOIA Websites
- Proactive Disclosure of Non-Exempt Agency Information: Making Information Available Without the Need to File a FOIA Request
Records that must be posted under FOIA:
- Methods for making requests or obtaining information or decisions;
- Final opinions, including concurring and dissenting opinions, as well as orders made adjudicating cases;
- Statements of policy and interpretations adopted by the agency but not published in the Federal Register;
- Administrative manuals and staff instructions that affect the public; and
- Records that have been released under FOIA, are likely to be requested or have been requested three or more times (the “Rule of Three”).
Categories of records to prioritize for posting:
- Records frequently requested under FOIA;
- Agency FOIA logs;
- Materials that are related to the operation and establishment of federal advisory committees;
- Unclassified agency reports and testimony submitted to Congress;
- An agency organizational chart and a directory listing contact information for all offices;
- Proposed agency records schedules;
- Statements of administration policy and enrolled bill memoranda submitted to the Office of Management and Budget;
- Records pertaining to lobbying such as Form SF-LLL, Disclosure of Lobbying Activities;
- Calendars of top officials (e.g., Secretary, Deputy Secretary, Assistant Secretary, and other agency heads) within one month, subject to privacy and security redactions;
- The agency’s top 10 contracts, task orders, and grants, as measured by dollar value, and all contracts, task orders, and grants that are valued at more than $100 million; and
- Material that has been declassified, to the greatest extent possible.
Governance
Establish a digital governance structure to provide accountability and enforce policies and standards. Manage and fund your digital presence as an integral part of your overall business, communications, and customer experience strategies. Leverage existing infrastructure, shared tools, best practices, and communities of practice, and coordinate within and across agencies to create efficiency and reduce duplication. When missions overlap, collaborate with other agencies to develop cross-agency websites (portals); coordinate across government to disseminate emergency response info.
- Connected Government Act, January 2018
- Digital Governance Policy Outline
- Digital Government Strategy (May 2012) (requirement 4.2)
Information quality
Create content that’s accurate, relevant, easy-to-use, and conveyed in plain language. Maximize the quality, objectivity, utility, and integrity of information and services provided to the public, and make information and services available on a timely and equitable basis.
- Public Law 106-554, Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility, and Integrity of Information Disseminated by Federal Agencies (Section 515) (PDF, 161 kb, 10 pages, February 2002)
Mandatory content
Include all required content and links. Implement the U.S. Web Design System, particularly the banner and identifier components, to enable more consistency across federal websites around common content elements.
- Required content and links
- U.S. Web Design System
- Government Performance and Results (GPRA) Modernization Act of 2010
Mobile
Improve priority customer-facing services for mobile use. Shift to an enterprise-wide asset management and procurement model, including mobile-related procurements.
- Connected Government Act, January 2018
Multilingual websites
Comply with the requirements of Executive Order 13166, based on Title VI of the Civil Rights Act of 1964, which bans discrimination on the basis of national origin.
- Executive Order 13166, Improving Access to Services for People with Limited English Proficiency
- Department of Justice 2022 Memo Reaffirming the Mandates of EO 13166
- Federal Agency LEP Guidance (Department of Justice)
- Commonly Asked Questions and Answers Regarding Executive Order 13166
Open Government, data, and content
Publish information in ways that make it easy to find, access, share, distribute, and re-purpose; structure content and tag it with standard metadata. Make open data, content, and application programming interfaces (APIs) the new default, and make existing high-value data and content available through APIs. Use challenges and prizes to promote open government, innovation, and other national priorities.
- A Strategy for American Innovation (PDF, 1.22 MB, 120 pages, October 2015)
- Executive Order—Making Open and Machine Readable the New Default for Government Information (May 2013)
- OMB M-13-13 Open Data Policy—Managing Information as an Asset (PDF, 5.83 MB, 12 pages, May 2013)
- OMB M-10-06, Open Government Directive (December 2009)
- Guidance on the Use of Challenges and Prizes to Promote Open Government (PDF, 92.5 kb, 12 pages, March 2010)
- View all Open Government policies on whitehouse.gov
Paperwork reduction
Information you collect from the public should minimize burden and maximize public utility. Get OMB approval before collecting information from the public via surveys, forms, etc., and include the OMB control number on the collection. Use OMB’s Fast-Track PRA Review Process to speed the PRA approval process. Use digital processes (forms, filing, signatures, etc.) and deliver services via your customers’ channel of choice (online, apps, etc.) whenever possible. Designate a single point of contact for small businesses, and post the contact information on your website.
- Paperwork Reduction Act (44 U.S.C. 3501 et seq.)
- Federal Collection of Information
- OMB M-11-26, New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (PDF, 196 kb, 4 pages, June 2011)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (PDF, 83 kb, 7 pages, April 2010)
- Government Paperwork Elimination Act (GPEA) (1998)
- Small Business Paperwork Relief Act of 2002 (PDF, 49 kb, 5 pages, June 2002)
Performance measurement and reporting
Regularly evaluate all digital products for performance and cost effectiveness by collecting and acting on metrics and customer feedback, conducting usability testing, and measuring return on investment. Establish performance measures to demonstrate mission achievement, and make your annual performance plans readily available to the public.
Plain writing
Federal executive branch agencies are required to write all new or significantly revised publications, forms and publicly distributed documents in a “clear, concise, well-organized” manner.
- OMB Memo on Testing and Simplifying Federal Forms (PDF, 94 kb, 2 pages, August 2012)
- Plain Writing Act of 2010 (PDF, 153 kb, 3 pages, January 2010)
- Executive Orders 12866 and 12988
- OMB Final Guidance on Implementing the Plain Writing Act of 2010 (PDF, 269 kb, 6 pages, April 2011)
Privacy and identity management
Implement security and management controls to prevent the inappropriate disclosure of sensitive information. Provide service through a secure connection. Provide a link to your privacy policy on every page, or in your overall site policies. Conduct a privacy impact assessment of your website. Post a “Privacy Act Statement” that explains your legal authority for collecting personal data and how the data will be used.
- OMB M-19-17, Enabling Mission Delivery through Improved Identity, Credential, and Access Management (PDF, 1 MB, 13 pages, May 2019)
- OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (PDF, 26.96 MB, 47 pages, January 2017)
- OMB M-17-09, Management of Federal High Value Assets (PDF, 9.14 MB, 16 pages, December 2016)
- OMB M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12–Policy for a Common Identification Standard for Federal Employees and Contractors (PDF, 205 kb, 6 pages, February 2011)
- OMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 2003)
- 800 series NIST Special Publications
- Children’s Online Privacy Protection Act of 1998 (COPPA)
- Privacy Act of 1974
Prohibition on advertising
Comply with existing laws that prohibit federal public websites from being used for direct or indirect lobbying. Consult your agency’s legal staff for guidance to ensure that your site does not advertise for, nor provide preferential treatment to, private individuals, firms, or corporations.
- Prohibition of Lobbying (Title 18, Section 1913, U.S. Code)
Records management
Work with your agency Records Officer and follow NARA guidance to establish and maintain inventories, priorities, and records schedules, and regularly delete or archive content that is obsolete and is not required by law or regulation. Create content inventories which identify categories of information (e.g., press releases or publications), not specific documents. Post inventories, priorities, and schedules for posting additional content on the website for comment.
- OMB M-19-21: Transition of Electronic Records (PDF, 239 KB, 4 pages) (June 28, 2019)
- OMB M-23-07: Update to Transition to Electronic Records (PDF, 325 KB, 3 pages) (December 23, 2022)
- Code of Federal Regulations (CFR), Parts 1220-1238
- NARA guidance for implementing Section 207(e) of the E-Gov Act
- NARA guidance on managing Web records
- NARA guidance on managing social media records
- NARA Bulletin 2014-02 Guidance on managing social media records (October 2013)
- NARA list of guidances and memos for records management
Search
Ensure your website includes a search function which follows industry standard best practices. Write content in plain language, using the words of your customers, so they can easily find what they need when searching the web or your website.
- Search.gov (formerly DigitalGov Search)
Security
Implement security and management controls to prevent the inappropriate disclosure of sensitive information. Provide adequate security controls to ensure information is resistant to tampering, remains confidential as necessary, and is available as intended by the agency and expected by users. Provide general information to the public about your security protocols. Provide a way for the public to report vulnerabilities.
- Binding Operational Directive 20-01, Develop and Publish a Vulnerability Disclosure Policy (September 2, 2020)
- Cybersecurity Executive Order 13800 (May 11, 2017)
- OMB M-15-13, Policy to Require Secure Connections across Federal Websites and Web Services (PDF, 258 kb, 5 pages, June 2015)
- Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, December 2014)
- NIST Guidelines on Securing Public Web Servers (PDF, 960 kb, 142 pages, September 2007)
- OMB M-04-15 Reporting Instructions for the Federal Information Security Management Act (PDF, 121 kb, 14 pages, August 2004)
Technology standards
Use the most recent and up-to-date technical standards for your digital services. Provide service through a secure connection. Deploy and use IPv6.
- The HTTPS-Only Standard
- OMB M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6) (PDF, 5.9 MB, 7 pages, November 2020)
Third-party services and social media
Use social tools to interact with customers and improve the customer experience.
- OMB Memorandum M-13-10: Antideficiency Act Implications of Certain Online Terms of Service Agreements (PDF, 1.1 MB, 17 pages, April 2013)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB memo) (PDF, 83 kb, 7 pages, April 2010)
- Guidelines for Secure Use of Social Media by Federal Departments and Agencies (PDF, 233 kb, 19 pages, September 2009)
- OGE LA-23-03: The Standards of Conduct and 18 U.S.C. § 208 as Applied to Official Social Media Use (PDF, 8 pages, January 2023)