GSA dashboard tracks best practices of government sites


Written by

The federal government now has a dashboard monitoring the best practices of its roughly 1,300 top-level domains.

Called Pulse, the dashboard currently uses the open .gov domain list to measure which websites are participating in the federal Digital Analytics Program, or DAP, and have deployed HTTPS, an encrypted and more secure Web communications protocol. According to the dashboard, just 31 percent of federal domains use HTTPS, and 43 percent participate in the DAP.

The General Services Administration’s 18F and its Office of Governmentwide Policy created the static dashboard in about six weeks — and all in the open, incorporating user feedback into the site’s design.

“Pulse is clearly a small and simple website, but we think it’s a promising foundation for celebrating (and motivating) the U.S. government’s progress on making world-class websites and online services,” members of 18F wrote in a blog post, calling it a “sort of health monitor for the U.S. government’s websites.”

While the measurement of digital analytics participation is basically a cross-reference of whether domains use the tool and a department-level percentage reflecting that,

While the site simply reports whether an agency is participating in DAP, Pulse’s HTTPS measurement digs a bit deeper. Pulse gleans information about how well federal websites support an HTTPS protocol using an open source tool built by GitHub Government Evangelist Ben Balter. It also uses SSL Labs’ grading system API, or application programing interface, to measure the quality of a domain’s HTTPS.

Pulse not only measures whether a domains uses HTTPS, but also its strength and enforcement of it.

Why so much stress on the importance of HTTPS? “Enforcing strong HTTPS is an important baseline for government websites, and is in the process of becoming the baseline for the web at large,” the 18F team wrote. In February, the federal government proposed an HTTPS-only standard, which would require agencies to move their websites to HTTPS within two years.

The site’s builders are quick to warn that, in these early days, Pulse’s information might be limited. The 18F blog post cites that the dashboard does not measure subdomains, like the State Department’s website for travel, which nests under State’s domain as Pulse also doesn’t participate with .mil and .us domains.

Likewise, 18F hopes to further automate the dashboard, particularly cross-referencing if sites are using the Digital Analytics Program automatically. “The process is not fully automated, and so Pulse isn’t updated every day,” the post says. “There’s work to do … to get to the point of showing fully up-to-date data without human intervention.”

Currently Pulse is in an alpha stage, and 18F said it plans to expand the different best practices it measures.

-In this Story-

18F, Agencies, Applications & Software, Cybersecurity, data analytics, General Services Administration (GSA), Government IT News, open source, shared services, Tech