Checklist of Requirements for Federal Websites and Digital Services
NoteYou should regularly review your agency’s websites and other digital products and services to ensure they comply with all relevant laws, policies, and regulations.
These high-level policies cover basic requirements for all websites and digital services. Use this handy Requirements and Go-Live Checklist for Federal Public Websites and Digital Services (Excel spreadsheet, 69 KB, 14 tabs) to ensure you’ve addressed all critical requirements.
- 21st Century Integrated Digital Experience Act (21st Century IDEA), including the required website standards, December 2018
- OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (PDF, 1.2 MB, 18 pages, November 2016)
- OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016)
- Digital Government Strategy (May 2012)
- E-Government Act of 2002, Section 207
- See a full list of policies and regulations »
- See our list of Required Web Content and Links »
Accessibility and Section 508
Ensure access for people with disabilities, including motor, auditory, cognitive, seizure/neurological, and visual impairments; ensure content is “perceivable, operable, understandable, and robust.” Teach staff how to create accessible products, and conduct accessibility testing before launch, or when making significant changes to, digital products and services.
- Section 508 of the Rehabilitation Act of 1973 (29 U.S.C § 794 (d))
- Information and Communication Technology (ICT) Accessibility 508 Standards
- Required Link - Accessibility Statement
- Overview of Section 508 and related laws
- Governmentwide Section 508 Strategic Plan (2013)
Understand customer needs, set performance standards, collect and address customer feedback, and use data to continuously improve your programs.
- Implementing Performance and Customer Satisfaction Tools (OMB guidance accessible to federal employees on the OMB MAX wiki)
- OMB M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (PDF, 102 kb, 9 pages, June 2010)
- OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (PDF, 1.2 MB, 18 pages, November 2016)
- See our guide for the Digital Analytics Program (DAP), a free analytics tool for measuring digital services in the federal government (use is required by M-17-06).
Coordination During Incidents of National Significance
Federal websites must provide timely and accurate information during incidents of national significance. During such incidents, the Department of Homeland Security has the authority to coordinate all U.S. government communications to ensure consistent public information through an integrated federal incident communications system. Coordinate emergency response-related web communications with your Federal Web Council representative.
- Emergency Support Function 15 (ESF-15 - Public Affairs – Annex R) of the National Response Framework
Inform the public about your policies on digital rights, copyrights, trademarks, and patents. If your organization uses or duplicates private sector information, protect the property rights of the source. (These protections apply to any material posted to federal public websites, such as documents, graphics, or audio files.)
- Copyright Law
- U.S. Trademark Law (PDF, 1.5 MB, 260 pages, March 2010)
- Digital Millennium Copyright Act (PDF, 277 kb, 60 pages, January 1999)
- U.S. Patent Law, U.S. Code 35, Chapter 26
- United States Government Works and Copyright Act of 1976 (Word document, 16 kb, 2 pages, June 2011)
Understand the needs of your customers, collect and address customer feedback, and use data and feedback to continuously improve your programs. Ensure that information collected from the public minimizes burden and maximizes public utility. Use social media and other third-party platforms to listen to and serve customers. Secure OMB approval before collecting information from the public (surveys, forms, etc.), and include the OMB control number on the collection. Enable digital interactions with the public and deliver services via your customers' channel of choice.
- Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government
- FACT SHEET: Putting the Public First: Improving Customer Experience and Service Delivery for the American People
- OMB Circular A-11 Section 280, Managing Customer Experience and Improving Service Delivery (2021) (PDF, 410 kb, 11 pages)
- See all Government Customer Service Policies and Requirements
- New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (June 15, 2011) (PDF, 196 kb, 4 pages)
Use the U.S. Web Design System (USWDS) to deliver a great digital experience by integrating design principles, following user experience guidance, and using USWDS code.
Follow current government design standards when creating new websites or making significant changes to existing websites.
- Website standards, as defined in 21st Century IDEA
Federal executive branch agency websites must use only .gov or .mil domains unless the agency head explicitly determines another domain is necessary for the proper performance of an agency function (this is rare). Coordinate with your agency CIO to request a new .gov domain. Clearly display the name of your agency on every page of the website.
- OMB M-23-10, The Registration and Use of .gov Domains in the Federal Government (PDF, 96 kb, 3 pages, February 2023); guidance to Federal agencies on the acceptable use and registration of Internet domain names
- GOV Domain Name Registration Service – request a new .gov domain
- DOTGOV Online Trust in Government Act of 2020 authorizes CISA to manage the .gov registration process
Freedom of Information Act (FOIA)
Include all required FOIA content and links.
- Freedom of Information Act (FOIA)
- Memo to Agency Heads with updated guidance on implementing the Freedom of Information Act (March 19, 2009) (PDF, 1 MB, 3 pages, March 2009) - If release is discretionary, disclosure is the default unless the agency can show that a protected interest would be harmed
- Agency FOIA Websites 2.0
- FOIA.gov Frequently Asked Questions
- Methods Agencies Use to Prepare Documents for Posting on Agency FOIA Websites
- Proactive Disclosure of Non-Exempt Agency Information: Making Information Available Without the Need to File a FOIA Request
Records that must be posted under FOIA:
- Methods for making requests or obtaining information or decisions;
- Final opinions, including concurring and dissenting opinions, as well as orders made adjudicating cases;
- Statements of policy and interpretations adopted by the agency but not published in the Federal Register;
- Administrative manuals and staff instructions that affect the public; and
- Records that have been released under FOIA, are likely to be requested or have been requested three or more times (the “Rule of Three”).
Categories of records to prioritize for posting:
- Records frequently requested under FOIA;
- Agency FOIA logs;
- Materials that are related to the operation and establishment of federal advisory committees;
- Unclassified agency reports and testimony submitted to Congress;
- An agency organizational chart and a directory listing contact information for all offices;
- Proposed agency records schedules;
- Statements of administration policy and enrolled bill memoranda submitted to the Office of Management and Budget;
- Records pertaining to lobbying such as Form SF-LLL, Disclosure of Lobbying Activities;
- Calendars of top officials (e.g., Secretary, Deputy Secretary, Assistant Secretary, and other agency heads) within one month, subject to privacy and security redactions;
- The agency’s top 10 contracts, task orders, and grants, as measured by dollar value, and all contracts, task orders, and grants that are valued at more than $100 million; and
- Material that has been declassified, to the greatest extent possible.
Establish a digital governance structure to provide accountability and enforce policies and standards. Manage and fund your digital presence as an integral part of your overall business, communications, and customer experience strategies. Leverage existing infrastructure, shared tools, best practices, and communities of practice, and coordinate within and across agencies to create efficiency and reduce duplication. When missions overlap, collaborate with other agencies to develop cross-agency websites (portals); coordinate across government to disseminate emergency response info.
- Connected Government Act, January 2018
- Digital Governance Policy Outline
- Digital Government Strategy (May 2012) (requirement 4.2)
Create content that’s accurate, relevant, easy-to-use, and conveyed in plain language. Maximize the quality, objectivity, utility, and integrity of information and services provided to the public, and make information and services available on a timely and equitable basis.
- Public Law 106-554, Guidelines for Ensuring and Maximizing the Quality Objectivity, Utility, and Integrity of Information Disseminated by Federal Agencies (Section 515) (PDF, 161 kb, 10 pages, February 2002)
Include all required content and links. Implement the U.S. Web Design System, particularly the banner and identifier components, to enable more consistency across federal websites around common content elements.
- Required content and links
- U.S. Web Design System
- Government Performance and Results (GPRA) Modernization Act of 2010
Improve priority customer facing services for mobile use. Shift to an enterprise-wide asset management and procurement model, including mobile-related procurements.
- Connected Government Act, January 2018
Comply with the requirements of Executive Order 13166, based on Title VI of the Civil Rights Act of 1964, which bans discrimination on the basis of national origin.
- Executive Order 13166, Improving Access to Services for People with Limited English Proficiency
- Department of Justice 2022 Memo Reaffirming the Mandates of EO 13166
- Federal Agency LEP Guidance (Department of Justice)
- Commonly Asked Questions and Answers Regarding Executive Order 13166
Open Government, Data, and Content
Publish information in ways that make it easy to find, access, share, distribute, and re-purpose; Structure content and tag with standard metadata. Make open data, content, and application programming interfaces (APIs) the new default, and make existing high-value data and content available through APIs. Use challenges and prizes to promote open government, innovation, and other national priorities.
- A Strategy for American Innovation (PDF, 1.22 MB, 120 pages, October 2015)
- Executive Order—Making Open and Machine Readable the New Default for Government Information (May 2013)
- OMB M-13-13 Open Data Policy—Managing Information as an Asset (PDF, 5.83 MB, 12 pages, May 2013)
- OMB M-10-06, Open Government Directive (December 2009)
- Guidance on the Use of Challenges and Prizes to Promote Open Government
- View all Open Government policies on whitehouse.gov
Information you collect from the public should minimize burden and maximize public utility. Get OMB approval before collecting information from the public via surveys, forms, etc., and include the OMB control number on the collection. Use OMB’s Fast-Track PRA Review Process to speed the PRA approval process. Use digital processes (forms, filing, signatures, etc.) and deliver services via your customers' channel of choice (online, apps, etc.) whenever possible. Designate a single point of contact for small businesses, and post the contact information on your website.
- Paperwork Reduction Act (44 U.S.C. 3501 et seq.)
- Federal Collection of Information
- OMB M-11-26, Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (PDF, 196 kb, 4 pages, June 2011)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (PDF, 83 kb, 7 pages, April 2010)
- Government Paperwork Elimination Act (GPEA) (1998)
- Small Business Paperwork Relief Act of 2002 (PDF, 49 kb, 5 pages, June 2002)
Performance Measurement and Reporting
Regularly evaluate all digital products for performance and cost effectiveness by collecting and acting on metrics and customer feedback, conducting usability testing, and measuring return on investment. Establish performance measures to demonstrate mission achievement; Make your annual performance plans readily available to the public.
Federal executive branch agencies are required to write all new or significantly revised publications, forms and publicly distributed documents in a “clear, concise, well-organized” manner.
- OMB Memo on Testing and Simplifying Federal Forms (PDF, 94 kb, 2 pages, August 2012)
- Plain Writing Act of 2010 (PDF, 153 kb, 3 pages, January 2010)
- Executive Orders 12866 and 12988
- OMB Final Guidance on Implementing the Plain Writing Act of 2010 (PDF, 269 kb, 6 pages, April 2011)
Privacy and Identity Management
- OBM M-19-17, Enabling Mission Delivery through Improved Identity, Credential, and Access Management (PDF, 1 MB, 13 pages, May 2019)
- OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (PDF, 26.96 MB, 47 pages, January 2017)
- OMB M-17-09, Management of Federal High Value Assets (PDF, 9.14 MB, 16 pages, December 2016)
- OMB M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12–Policy for a Common Identification Standard for Federal Employees and Contractors (PDF, 205 kb, 6 pages, February 2011)
- OMB M-03–22, Guidance for Implementing the Privacy Provisions of the E–Government Act of 2002 (September 2003)
- 800 series NIST Special Publications
- Children’s Online Privacy Protection Act of 1998 (COPPA)
- Privacy Act of 1974
Prohibition on Advertising
Comply with existing laws that prohibit federal public websites from being used for direct or indirect lobbying. Consult your agency’s legal staff for guidance to ensure that your site does not advertise for, nor provide preferential treatment to, private individuals, firms, or corporations.
- Prohibition of Lobbying (Title 18, Section 1913, U.S. Code)
Work with your agency Records Officer and follow NARA guidance to establish and maintain inventories, priorities, and records schedules, and regularly delete or archive content that is obsolete and is not required by law or regulation. Create content inventories which identify categories of information (e.g., press releases or publications), not specific documents. Post inventories, priorities, and schedules for posting additional content on the website for comment.
- OMB M-19-21: Transition of Electronic Records (PDF, 239 KB, 4 pages) (June 28, 2019)
- OMB M-23-07: Update to Transition to Electronic Records (PDF, 325 KB, 3 pages) (December 23, 2022)
- Code of Federal Regulations (CFR), Parts 1220-1238
- NARA guidance for implementing Section 207(e) of the E-Gov Act
- NARA guidance on managing Web records
- NARA guidance on managing social media records
- NARA Bulletin 2014-02 Guidance on managing social media records (October 2013)
- NARA list of guidances and memos for records management
Ensure your website includes a search function which follows industry standard best practices. Write content in plain language, using the words of your customers, so they can easily find what they need when searching the web or your website.
- Search.gov (formerly DigitalGov Search)
Implement security and management controls to prevent the inappropriate disclosure of sensitive information. Provide adequate security controls to ensure information is resistant to tampering, remains confidential as necessary, and is available as intended by the agency and expected by users. Implement management controls to prevent the inappropriate disclosure of sensitive information. Provide general information to the public about your security protocols. Provide a way for the public to report vulnerabilities.
- Binding Operational Directive 20-01, Develop and Publish a Vulnerability Disclosure Policy (September 2, 2020)
- Cybersecurity Executive Order 13800 (May 11, 2017)
- OMB M-15-13, Policy to Require Secure Connections across Federal Websites and Web Services (PDF, 258 kb, 5 pages, June 2015)
- Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, December 2014)
- NIST Guidelines on Securing Public Web Servers (PDF, 960 kb, 142 pages, September 2007)
- OMB M-04-15 Reporting Instructions for the Federal Information Security Management Act (PDF, 121 kb, 14 pages, August 2004)
Use the most recent and up-to-date technical standards for your digital services. Provide service through a secure connection. Deploy and use IPv6.
- The HTTPS-Only Standard
- OMB M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6) (PDF, 5.9 MB, 7 pages, November 2020)
Third-Party Services and Social Media
Use social tools to interact with customers and improve the customer experience.
- OMB Memorandum M-13-10: Antideficiency Act Implications of Certain Online Terms of Service Agreements (PDF, 1.1 MB, 17 pages, April 2013)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB memo) (PDF, 83 kb, 7 pages, April 2010)
- Guidelines for Secure Use of Social Media by Federal Departments and Agencies (PDF, 233 kb, 19 pages, September 2009)
- OGE LA-23-03: The Standards of Conduct and 18 U.S.C. § 208 as Applied to Official Social Media Use (PDF, 8 pages, January 2023)