This page will be the home for NIC's governance plan for digital strategy

  • Digital Services playbook: https://digital.gov/resources/checklist-of-requirements-for-federal-dig…
    • 21st Century IDEA:
      • Websites must strive to be:
        • Accessible  - yes
        • Consistent  - yes
        • Authoritative  - yes
        • Searchable  - yes
        • Secure  - yes
        • User-centered  - yes
        • Customizable  - yes
        • User-Friendly  - yes
      • Each agency that maintains a public website or digital service must report to:
        • Congress on those websites and services, including the cost and schedule of modernization, and
        • OMB and the public annually (for the next 5 years) on the agency’s progress in implementing the requirements.
      • Connected Gov Act
        • Be Mobile-Friendly
        • Use Analytics
        • Focus on Usability and Speed
    • OMB M-17-06
      1. Establish Integral Digital Governance. A strong governance structure will help agencies develop coherent priorities, set up lines of accountability, and satisfy the public’s expectation of the best possible level of service. Agencies must manage their websites and digital services not as discrete individual IT projects, but as part of a comprehensive strategy covering all their digital information and services.
        • create a plan
        • deploy the plan to www.[agency].gov/digitalstrategy/ and update this page to reflect the current status of the agency’s digital governance structure
      2. Use Analytics and User Feedback to Manage Websites and Digital Services. All public facing websites and digital services should be designed around user needs with data-driven analysis influencing management and development decisions.
        1. Must participate in DAP analytics
        2. Analytics must comply with OMB Memorandum M-10-22
        3. Agencies can often use the Fast Track clearance process under the Paperwork Reduction Act (PRA) for the collection of service delivery feedback
        4. OMB has issued additional guidance, Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act, and Flexibilities under the Paperwork Reduction Act for Compliance with Information Collection Requirements
      3. Make Information Searchable and Discoverable
        1. websites must contain a search function
      4. Provide Open Data Public Engagement. Consistent with OMB Memorandum M-13-13, Open Data Policy—Managing Information as an Asset, agencies must disseminate information to the public, structured in a way that enables the data to be fully discoverable and usable.
        1. agencies must provide - Project Open Data metadata schema:
          • nicic.gov/data.json and
          • Agencies must provide a continually updated Data Publication Process at www.[agency].gov/digitalstrategy. 
          • nicic.gov/data (human readable) must also provide 2 way feedback mechanism here
          • nicic.gov/developer - must provide web app is open source documentation here
      5. Provide Access to Government Information on Multiple Devices
        1. Mobile to desktop
      6. Protect Privacy
        1. must provide privacy page located at nicic.gov/privacy (ask BOP if we need to do this?)
        2. must provide SORNs here (complete list with links to each)
          • Complete list
          • Citations and Links to Federal Register notices
          • Link to full SORN
        3. Must list and provide link to PIAs
          • list and provide links to all Privacy Act implementation rules pursuant to 5 USC 552a(f)
        4. Matching notices and agreements. Agencies must list and provide links to up-to-date matching notices and agreements for all active matching programs in which the agency participates
        5. Exemptions to the Privacy Act. Agencies must provide citations and links to the final rules published in the Federal Register that promulgate each Privacy Act exemption claimed for their systems of records.
        6. Provide links to all other (self) agency privacy policies
        7. List all publicly available privacy reports on the agency with the exception of FISMAs and reports provided to OMB/Congress under 5 USC 552a(d)
        8. Must provide clear instructions for individuals who wish to request access to or amendment of their records under 5 USC 552a(d)
        9. Must provide contact information for anyone who has a privacy-related question
        10. Must identify the Senior Agency Official for Privacy (SAOP) and provide contact information for their office. The agency MAY also provide contact info for people in charge of component-level privacy
        11. PRIVACY POLICY
          • Must list all 3rd party services,
            • how the agency uses PII that becomes available through them,
            • who at the agency will have access to that PII
            • With whom the info will be shared outside of the agency
            • whether and how the agency will maintain the PII and for how long
            • How the agency will secure the PII
            • what other privacy risks exist and how we plan to mitigate them
            • must list tracking services and allow users to opt-out (cookie notice?)
          • Must
            • use plain language
            • provide useful information for the public to make an informed decision on whether and how to interact with the agency
            • be updated whenever updates are made
            • include a date stamp of its latest update
            • adhere to all other applicable OMB requirements
            • include a link to the agency's privacy program page
            • A Privacy Act statement is required by law whenever an agency asks individuals to supply information that will become part of a system of records under the Privacy Act
      7. Implement Information Security and Privacy Controls
        1. Agencies must follow the policies, principles, standards, and guidelines on information security and privacy, in accordance with FISMA and other laws. Each agency is already required to implement security and privacy policies as set forth in OMB Circular A-130 and National Institute of Standards and Technology (NIST) Special Publication 800-44, Guidelines on Securing Public Web Servers; and other associated standards and 800 series guidelines from NIST.
        2. All agency domains must be in compliance with OMB Memorandum M-08-23, Securing the Federal Government’s Domain Name System Infrastructure, and any future updates to identity, credentialing, and access management policy.
      8. Use Secure Connections (HTTPS)
      9. Use Only Approved Domains
        1. .gov or .mil
      10. Comply with Third-Party Website and Application Requirements
        1. Agency use of third-party websites and applications must have an intended purpose directly related to an agency function that supports its mission
        2. To help confirm the validity of official U.S. Government digital platforms, within 60 days of the publication date of this Memorandum, agencies must register their public-facing digital services such as social media, collaboration accounts, mobile apps and mobile websites, with the U.S. Digital Registry at: https://digital.gov/services/u-s-digital-registry/.
        3. Agency use of third-party websites and applications must comply with all relevant privacy protection requirements and a careful analysis of privacy implications as specified in OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites.
        4. When choosing which third-party websites and applications to adopt, agencies must review the set of terms and conditions that governs access to and use of such products and services and be aware of terms of service that are incompatible with Federal law or regulations. A list of tools with federal-compatible Terms of Service agreements can be found at: https://digital.gov/resources/negotiated-terms-of-service-agreements/.
        5. Federal Acquisition Regulation Clause 48 CFR 52.212-4(u) and OMB Memorandum M-13-10, Anti-deficiency Act Implications of Certain Online Terms of Service Agreements, provide additional guidance for addressing terms of service and user agreements
      11. Ensure Information Quality and Accuracy
        1. Information published by an agency must convey a sense of utility, objectivity, and integrity
        2. Agencies must be transparent about the quality of the information that they disseminate and must take reasonable steps where practicable to inform users about the information quality of disseminated content
        3. The Information Quality Act also applies to third-party publications in cases where the agency is using the third-party service to disseminate information on its behalf or where the agency has the authority to review and approve the information before it’s published. In cases where members of the public are allowed to post or contribute their own information to a third-party site operated on behalf of the agency (e.g., agency sponsored social media accounts), the agency must ensure that it is clear to the public to the extent practicable:
          1. The inherent limitations of such information and that it is not sponsored by the Federal Government; and
          2. That the same level of utility, objectivity, and integrity found in Federally-sponsored information may not be present.
        4. Agencies must include reasonable management controls and establish a review process to ensure that information provided online, and links to any external information, provide a suitable level of information quality as implied by the agency linking to or referencing it from their official website.
        5. Agencies must clearly identify external links from their websites, and to the extent practicable update or remove the links when the external information is no longer sufficiently accurate, relevant, timely, necessary or complete.
          1. Agency websites must clearly state that the content of external links to non-Federal Agency websites is not endorsed by the Federal Government and is not subject to Federal information quality, privacy, security, and related guidelines.
          2. Agencies should choose the best approach to identify external links to users in a way that minimizes the impact on the usability of their websites and digital services.
          3. Agencies must post information quality guidelines, information quality correction requests, agency’s formal response(s), and any communications regarding the appeals on their website. Agencies must also establish a process for updating their information quality web pages on a regular basis
      12. Ensure Accessibility for Individuals with Disabilities
        1. Agencies must develop accessibility statements for their website and appoint a Section 508 Coordinator as required by OMB Memorandum, Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act.
      13. Comply with Records Management
        1. All Federal records on agency websites and third-party sites and applications must be properly managed. At a minimum, agencies must be able to identify, retrieve, and preserve Federal Agency records created and maintained on agency websites or third-party sites. These requirements apply until their business use has ended and the records are transferred to NARA or destroyed according to their disposition schedule. Agencies must also manage administrative records that provide evidence of how their web and third-party programs are managed and operated. Agencies using third-party websites or services are responsible for managing and capturing Federal records created or received on those sites. Agencies are required to comply with all Federal records management laws, regulations, and policies. Additional guidance for agencies on meeting their records management responsibilities can be found at https://www.archives.gov/records-mgmt
      14. Use Plain Writing
      15. Provide Multilingual Content
        1. Agencies must already provide appropriate access for people with limited English proficiency by implementing Department of Justice guidance for Executive Order 13166, Improving Access to Services for People with Limited English Proficiency. Agencies must use this guidance to determine which website content must be provided in other languages, based on their agency’s mission, analytics, and user feedback.
      16. Ensure Access to Mandatory Content
        1. Laws, regulations, or other policies will occasionally mandate that agencies place certain links on their website. Agencies must respect and adhere to these statutory or executive-level mandates and incorporate these requirements in a manner that does not reduce the usability or performance of the agency’s website and digital services. At a minimum, agencies must post links to the following information on the agency’s principal website and on any known sub-agency or other major entry points to their site:
          1. USA.gov;
          2. the website’s privacy policy;
          3. the agency’s Freedom of Information Act webpage;
          4. a page about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:
            1. the agency’s strategic plan and annual performance plans;
            2. the agency’s Privacy Program Page;
            3. the agency point of contact as required by the Small Business Paperwork Relief Act of 2002;
            4. the agency’s Open Government Page;
            5. the agency’s Plain Writing Page;
            6. information as required under the No Fear Act of 2002; and
            7. information associated with the agency’s implementation of the Information Quality Act.
      17. Transition to Internet Protocol Version 6 (IPv6)
        1. Agencies are already required to upgrade public/external facing servers and services to use native IPv6
      18. Ensure a Consistent Look and Feel Across Websites
        1. Common user interface components and visual styles help create a seamless transition across an agency’s websites and improve the ease with which the public can find information. Federal Agencies should ensure a consistent look and feel of their public facing websites and digital services. The U.S. Website Design Standards, found at https://designsystem.digital.gov/, is available to all agencies to assist with this process.
    • OMB Circular A-130
  • We should follow all NIST 800 series guidance
  • Must provide an accessibility statement on the website. Suggested: nicic.gov/accessibility 
  • Must provide link on every page to our agency's FOIA page (we link to BOP's)
  • Must have a page with:
    • description of the agency
    • organizational structure
    • mission
    • statutory authority
    • links to:
      • Agency's strategic plan
      • Agency's performance plan
      • Privacy page
      • Agency POC as required by Paperwork Relief Act of 2002
      • Agency's Open Government Page
      • Agency's Plain writing page
      • Information required under the No Fear Act of 2002
      • Information about the implementation of the Information Quality Act
  • Must look consistent with the US Website design standards
  • Must add to footer that the website is created and maintained by the NIC under the DOJ
  • Verification of analytics compliance. Agencies using web measurement and customization technology must annually review their systems and procedures to demonstrate that they are in compliance with this policy. The results of this review shall be posted on the agency’s “/open” page located at https://nicic.gov/open, with a mechanism for the public to provide feedback on the results. 