Note: You should regularly review your agency’s websites and other digital products and services to ensure they comply with all relevant laws, policies, and regulations.
These high-level policies cover basic requirements for all websites and digital services.
- 21st Century IDEA, including the required website standards, December 2018
- Connected Government Act, January 2018
- OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (PDF, 1.2 MB, 18 pages, November 2016)
- OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016)
- Digital Government Strategy (May 2012)
- E-Government Act of 2002, Section 207
- See a full list of policies and regulations »
- See our list of Required Web Content and Links ».
Accessibility / Section 508
Ensure access for people with disabilities, including motor, auditory, cognitive, seizure/neurological, and visual impairments; ensure content is “perceivable, operable, understandable, and robust.” Teach staff how to create accessible products, and conduct accessibility testing before launching, or making significant changes to, digital products and services.
- Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. § 794(d))
- Information and Communication Technology (ICT) Accessibility 508 Standards
- Required Link - Accessibility Statement
- Overview of Section 508 and related laws
- Governmentwide Section 508 Strategic Plan (2013)
Understand customer needs, set performance standards, collect and address customer feedback, and use data to continuously improve your programs.
- Implementing Performance and Customer Satisfaction Tools (OMB guidance accessible to federal employees on the OMB MAX wiki)
- OMB M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (PDF, 102 KB, 9 pages, June 2010)
Coordination During Incidents of National Significance
Federal websites must provide timely and accurate information during incidents of national significance. During such incidents, the Department of Homeland Security has the authority to coordinate all U.S. government communications to ensure consistent public information through an integrated federal incident communications system. Coordinate emergency response-related web communications with your Federal Web Council representative.
- Emergency Support Function 15 (ESF-15 - Public Affairs – Annex R) of the National Response Framework
Inform the public about your policies on digital rights, copyrights, trademarks, and patents. If your organization uses or duplicates private sector information, protect the property rights of the source. (These protections apply to any material posted to federal public websites, such as documents, graphics, or audio files.)
- Copyright Law
- U.S. Trademark Law (PDF, 1.5 MB, 260 pages, March 2010)
- Digital Millennium Copyright Act (PDF, 277 KB, 60 pages, January 1999)
- U.S. Patent Law, U.S. Code 35, Chapter 26
- United States Government Works and Copyright Act of 1976 (MS Word, 16 KB, 2 pages, June 2011)
Understand the needs of your customers, collect and address customer feedback, and use data and feedback to continuously improve your programs. Ensure that information collected from the public minimizes burden and maximizes public utility. Use social media and other third-party platforms to listen to and serve customers. Secure OMB approval before collecting information from the public (surveys, forms, etc.), and include the OMB control number on the collection. Enable digital interactions with the public and deliver services via your customers’ channel of choice.
- OMB Circular A-11 Section 280, Managing Customer Experience and Improving Service Delivery (2019) (7 pages, 608 kb)
- Executive Order 13571 – Streamlining Service Delivery and Improving Customer Service (April 2011)
- See all Government Customer Service Policies and Requirements
- New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (June 15, 2011) (4 pages, 196 kb)
Use the U.S. Web Design System (USWDS) to deliver a great digital experience by integrating design principles, following user experience guidance, and using USWDS code.
Follow current government design standards when creating new websites or making significant changes to existing websites.
Federal executive branch agency websites must use only .gov or .mil domains unless the agency head explicitly determines another domain is necessary for the proper performance of an agency function. The 2011 freeze on creation of new .gov domains has been lifted; coordinate with agency CIO and GSA to request a new .gov domain. Clearly display the name of your agency on every page on the website.
- GOV Domain Name Registration Service – request a new .gov domain
- Final Rule – 41 CFR Part 102-173 authorizes GSA to manage the .gov registration process
- Policies for DotGov Domain Issuance for Federal Agency Public Websites (PDF, 304 KB, 2 pages, January 2015)
Establish a digital governance structure to provide accountability and enforce policies and standards. Manage and fund your digital presence as an integral part of your overall business, communications, and customer experience strategies. Leverage existing infrastructure, shared tools, best practices, and communities of practice, and coordinate within and across agencies to create efficiency and reduce duplication. When missions overlap, collaborate with other agencies to develop cross-agency websites (portals); coordinate across government to disseminate emergency response info.
- Connected Government Act, January 2018
- Digital Governance Policy Outline
- Digital Government Strategy (May 2012) (requirement 4.2)
Create content that’s accurate, relevant, easy-to-use, and conveyed in plain language. Maximize the quality, objectivity, utility, and integrity of information and services provided to the public, and make information and services available on a timely and equitable basis.
- Public Law 106-554, Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility, and Integrity of Information Disseminated by Federal Agencies (Section 515) (PDF, 161 KB, 10 pages, February 2002)
Mandatory Content (incl. FOIA)
Include all required content and links, including FOIA info. Include a text link back to your homepage on every page of your website (typically in the site header). If you use a graphical link, it must have appropriate alt text.
- Freedom of Information Act (FOIA) (PDF, 109 KB, 13 pages, April 2007)
- Memo to Agency Heads with updated guidance on implementing the Freedom of Information Act (March 19, 2009) (PDF, 1 MB, 3 pages, March 2009)
- FOIA Frequently Asked Questions – FOIA.gov
- Proper Consideration of Small Entities in Agency Rulemaking (August 2002)
- Government Performance Results Act of 1993 (GPRA)
Improve priority customer-facing services for mobile use. Shift to an enterprise-wide asset management and procurement model, including mobile-related procurements.
- Connected Government Act, January 2018
Comply with the requirements of Executive Order 13166, based on Title VI of the Civil Rights Act of 1964, which bans discrimination on the basis of national origin.
- Executive Order 13166, Improving Access to Services for People with Limited English Proficiency
- Dept. of Justice Memo Reaffirming the Mandates of EO 13166
- Federal Agency LEP Guidance (Dept. of Justice)
Publish information in ways that make it easy to find, access, share, distribute, and re-purpose; structure content and tag it with standard metadata. Make open data, content, and application programming interfaces (APIs) the new default, and make existing high-value data and content available through APIs. Use challenges and prizes to promote open government, innovation, and other national priorities.
- A Strategy for American Innovation (PDF, 1.22 MB, 120 pages, October 2015)
- Executive Order—Making Open and Machine Readable the New Default for Government Information (May 2013)
- OMB M-13-13 Open Data Policy—Managing Information as an Asset (PDF, 5.83 MB, 12 pages, May 2013)
- OMB M-10-06, Open Government Directive (December 2009)
- Guidance on the Use of Challenges and Prizes to Promote Open Government
- View all Open Government policies on whitehouse.gov
Information you collect from the public should minimize burden and maximize public utility. Get OMB approval before collecting information from the public via surveys, forms, etc., and include the OMB control number on the collection. Use OMB’s Fast-Track PRA Review Process to speed the PRA approval process. Use digital processes (forms, filing, signatures, etc.) and deliver services via your customers’ channel of choice (online, apps, etc.) whenever possible. Designate a single point of contact for small businesses, and post the contact information on your website.
- Paperwork Reduction Act (44 U.S.C. 3501 et seq.)
- Federal Collection of Information
- OMB M-11-26, Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (PDF, 196 KB, 4 pages, June 2011)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (PDF, 83 KB, 7 pages, April 2010)
- Government Paperwork Elimination Act (GPEA) (1998)
- Small Business Paperwork Relief Act of 2002 (PDF, 49 KB, 5 pages, June 2002)
Performance Measurement and Reporting
Regularly evaluate all digital products for performance and cost effectiveness by collecting and acting on metrics and customer feedback, conducting usability testing, and measuring return on investment. Establish performance measures to demonstrate mission achievement, and make your annual performance plans readily available to the public.
Federal executive branch agencies are required to write all new or significantly revised publications, forms and publicly distributed documents in a “clear, concise, well-organized” manner.
- OMB Memo on Testing and Simplifying Federal Forms (PDF, 94 KB, 2 pages, August 2012)
- Plain Writing Act of 2010 (PDF, 153 KB, 3 pages, January 2010)
- Executive Orders 12866 and 12988
- OMB Final Guidance on Implementing the Plain Writing Act of 2010 (PDF, 269 KB, 6 pages, April 2011)
Privacy and Identity Management
- M-19-17, Enabling Mission Delivery through Improved Identity, Credential, and Access Management (PDF, 1 MB, 13 pages, May 2019)
- OMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 2003)
- Children’s Online Privacy Protection Act of 1998 (COPPA)
- Privacy Act of 1974
Prohibition on Advertising
Comply with existing laws that prohibit federal public websites from being used for direct or indirect lobbying. Consult your agency’s legal staff for guidance to ensure that your site does not advertise for, nor provide preferential treatment to, private individuals, firms, or corporations.
- Prohibition of Lobbying (Title 18, Section 1913, U.S. Code)
Work with your agency Records Officer and follow NARA guidance to establish and maintain inventories, priorities, and records schedules, and regularly delete or archive content that is obsolete and is not required by law or regulation. Create content inventories which identify categories of information (e.g., press releases or publications), not specific documents. Post inventories, priorities, and schedules for posting additional content on the website for comment.
- Code of Federal Regulations (CFR), Parts 1220-1238
- NARA guidance for implementing Section 207(e) of the E-Gov Act
- NARA guidance on managing Web records
- NARA guidance on managing social media records
- NARA Bulletin 2014-02 Guidance on managing social media records (October 2013)
- NARA list of guidances and memos for records management
Ensure your website includes a search function that follows industry-standard best practices. Write content in plain language, using the words of your customers, so they can easily find what they need when searching the web or your website.
- Search.gov (formerly DigitalGov Search)
Implement security and management controls to prevent the inappropriate disclosure of sensitive information. Provide adequate security controls to ensure information is resistant to tampering, remains confidential as necessary, and is available as intended by the agency and expected by users. Provide general information to the public about your security protocols. Provide a way for the public to report vulnerabilities.
- Binding Operational Directive 20-01, Develop and Publish a Vulnerability Disclosure Policy (September 2, 2020)
- Cybersecurity Executive Order 13800 (May 11, 2017)
- OMB M-15-13, Policy to Require Secure Connections across Federal Websites and Web Services (PDF, 258 KB, 5 pages, June 2015)
- Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, December 2014)
- NIST Guidelines on Securing Public Web Servers (PDF, 960 KB, 142 pages, September 2007)
- OMB M-04-15 Reporting Instructions for the Federal Information Security Management Act (PDF, 269 KB, 28 pages, August 2004)
- Federal Information Security Management Act of 2002: FISMA Presentation to 2003 FISSEA Conference (PDF, 62.5 KB, 17 pages, April 2003)
Use the most recent and up-to-date technical standards for your digital services. Provide service through a secure connection. Deploy and use IPv6.
- The HTTPS-Only Standard
- OMB M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6) (PDF, November 2020)
Third-Party Services/Social Media
Use social tools to interact with customers and improve the customer experience.
- OMB Memorandum M-13-10: Antideficiency Act Implications of Certain Online Terms of Service Agreements (PDF, 1.1 MB, 17 pages, April 2013)
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB memo) (PDF, 83 KB, 7 pages, April 2010)
- Guidelines for Secure Use of Social Media by Federal Departments and Agencies (PDF, 233 KB, 19 pages, September 2009)