An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Related Topics:
Contact Us

Procedure: Ensuring EPA Public Content in the EPA Web Environment

Brief Description

About this procedure

Required or Recommended: Required

Effective Date: 05/11/2016

Full Document Metadata

EPA public information must be hosted in the EPA web environment unless a waiver is in place.  This document describes the requirements as they apply to various types of EPA Web content and hosting options, including how to request a waiver.  This procedure does not apply to social media.

On this page:

Note

Thinking about requesting a new .gov domain (not a new EPA program page or EPA-level subdomain)? Read the Procedure: Obtaining a Dot Gov Domain.

Definitions

EPA public information: regulatory and programmatic Agency public communications including, but not limited to, general information, program actions and activities, regulations, and educational materials.

EPA Web environment:  Publicly accessible servers owned and operated by the Office of Mission Support (OMS) and at other OMS-approved hosting service provider(s).  These websites use the epa.gov domain and provide 24x7 access to EPA’s public information.

Agency Cloud Services:  Web and application hosting services provided by OMS in one of its on-site private cloud hosting environments or at an OMS-sanctioned third-party data center.  Agency cloud services are procured, managed or vetted by OMS and include the capability to provide an epa.gov domain name.  Information hosted on agency cloud services are considered to be part of EPA's web environment and do not require a waiver.

Non-OMS Sanctioned Third-Party Cloud Service Provider: Web and application hosting services obtained through a third-party provider that are not procured, owned, vetted, operated or maintained by OMS.

External domain: Websites managed by EPA program or regional offices or containing their information or data that may or may not be housed in EPA Web environment and have different domain names, like energystar.gov or northeastdiesel.org.

Epa.gov Subdomains: Websites that are part of the main epa.gov domain, but have a URL like echo.epa.gov, archive.epa.gov, etc.

www.epa.gov: The EPA primary public access website that provides publicly accessible data and information.

NCC: National Computer Center.  The NCC is EPA’s primary data center located in Research Triangle Park, NC.  It is operated by the Office of Environmental Information.

FISMA: The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law as part of the Electronic Government Act of 2002.

FedRAMP: The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 

Top of Page

Required Steps

All EPA Public Access Information

  1. Host all EPA public information in the EPA Web environment.  The primary source for publishing EPA information is the Drupal-based Web Content Management System at www.epa.gov.
  2. All EPA public information that is hosted outside of the EPA Web environment requires additional steps depending on the type of content. This procedure identifies the required steps necessary to publish and maintain a website according to its location and purpose:
    • Content in Agency Cloud Services
    • Partnership and all other types of websites hosted outside of the EPA Web environment
    • Content mirrored on other non-epa.gov websites
    • Content Related to Conferences Sponsored Only by EPA
    • Content Related to Conferences Co-sponsored by EPA and Other Organizations
    • Content in EPA's GitHub account

Content in Agency Cloud Services

  1. Does not require a waiver.
  2. Must submit the “Notification of EPA Content Hosted in the EPA Cloud Service(.doc file, 1 pg, 19 K) to the Web Council’s National Infrastructure Manager for tracking and reporting purposes only.

Partnership and Other Content hosted by a Non OMS-Sanctioned Third-Party Provider

  1. Require a waiver using the “Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment” template
  2. Must ensure that the websites are:
    • Hosted on a FedRAMP or FISMA-compliant hosting platform
    • Provided via a secure HTTPS connection,
    • Contain appropriate security and privacy protection procedures and,
    • Comply with accessibility requirements for persons with disabilities set forth in Section 508 or the Rehabilitation Act of 1973.
  3. Additional note on partnership sites:  It is strongly recommended that the joint website include a disclaimer stating that the information is drawn from multiple sources, i.e., EPA, et al., and suggest that the viewer examine the information in its original context, if that is possible.  Directions to that original information should be provided.

Content “Mirrored” on Other Non-EPA.gov Websites, i.e., Duplicated to Those Servers

  1. A waiver is not required.
  2. Must submit the “Notification of EPA Content Hosted Outside of the EPA Web Environment(1 pg, 22 K)(.doc file, 1 pg, 19 K) to the Web Council’s National Infrastructure Manager for tracking and reporting purposes only.
  3. The non-EPA site should provide the location of the EPA URL or website from which the duplication was made, to permit users to review the authoritative source of the information.
  4. Additional note on mirrored sites:  Information that is offered on EPA's Web site may be copied or mirrored to other sites (e.g., universities or other non-governmental organizations), but it must first reside within the EPA Web environment.

Content for EPA-Only Sponsored Conferences, Meetings and Training Events

  1. Require a waiver unless entirely hosted within the epa.gov domain. Request a waiver using the “Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment"
  2. EPA allows the use of EventBrite, an on-line registration tool, for registration and confirmation pages that do not require credit card information.  EPA has an approved Terms of Service agreement with EventBrite and a waiver is not required.  Review the EventBrite Guidance
  3. If credit card information is required for registration, then only the registration pages and the associated pages (e.g., registration, error messages, receipts, confirmation for credit card information) can be hosted outside of the EPA domain without a waiver. Follow these additional steps:
    1. Use the same look and feel on the registration and associated pages as the other conference pages.
    2. Alert visitors by stating on the registration page: "Registration information is collected by XYZ Corp. under contract to EPA." or similar language.
    3. For tracking and reporting purposes, complete the “Notification of EPA Content Hosted Outside of EPA Web Environment” form and submit to the Web Council’s National Infrastructure Manager.

Content Related to Conferences, Meetings and Training Events Co-Sponsored by EPA and Other Organizations

If an EPA program or regional office co-sponsors an event with another federal agency or an outside organization and wants to host the entire event website outside of the EPA domain, follow these steps:

For Co-Sponsorship with Other Federal Agencies

  1. Require a waiver. Request a waiver using the “Format for Memo Requesting a Waiver to Host Content Outside the EPA Web Environment" if the website is not hosted on the EPA domain or the partnering federal agency’s dot-gov domain.
  2. EPA must work with other federal agencies to ensure that the conference website:
    • is provided via a secure HTTPS connection,
    • contains appropriate security and privacy protection procedures, and
    • complies with accessibility requirements for persons with disabilities as set forth in Section 508 of the Rehabilitation Act of 1973.

For Co-Sponsorship with Non-Federal Organizations

  1. If EPA will be co-sponsoring a conference, meeting, webinar or other event, then the program office must first enter into a co-sponsorship agreement with the non-federal partner.  These agreements must be reviewed by the Office of General Counsel.  Doing so ensures that EPA can legally carry out its obligations and accept any services or assistance from the non-federal entity.  The sponsoring program office must work with the non-federal organization to ensure that the legal standards for joint sponsorship of conferences are followed as set forth in Ethics Advisory 96-15 (PDF)  Intranet(6 pp, 32 K, About PDF).
  2. Requires a waiver. Request a waiver using the “Format for Memo Requesting a Waiver to Host Content Outside the EPA Web Environment" if the website is not hosted on the EPA domain.
  3. The requesting office must be prepared to provide a copy of the signed co-sponsorship agreement upon request.
  4. EPA must work with its non-federal partners to ensure that the conference website:
    • is provided via a secure HTTPS connection,
    • contains appropriate security and privacy protection procedures and,
    • complies with accessibility requirements for persons with disabilities as set forth in Section 508 of the Rehabilitation Act of 1973.

Additional note on partnership sites:  It is strongly recommended that the joint website include a disclaimer stating that the information is drawn from multiple sources, i.e., EPA, et al., and suggest that the viewer examine the information in its original context, if that is possible.  Directions to that original information should be provided.

Content in EPA's GitHub account

EPA's open source code must be hosted in EPA's GitHub account: GitHub.com/USEPA Exit. A copy of all EPA open source code in GitHub must also be hosted in EPA's Bitbucket accountIntranet. See EPA's Open Source Code Guidance to determine the what frequency you should update your Bitbucket code repository with open source code from your GitHub.com/USEPA code repository.

  1. A waiver is not required.
  2. Follow instructions in EPA's Open Source Code Guidance.

Top of Page

Required Steps to Obtain Waivers

  1. Request a waiver using the “Format for Memo Requesting a Waiver to Host Content Outside the EPA Web Environment
  2. The waiver must be sent by a Senior Information Officer (SIO) or an Office Director to the Web Council’s National Infrastructure Manager who will forward to the Agency's Chief Information Officer (CIO) through the OMS Office Director.
  3. The office must be able to attest in the waiver request that they have met the federal requirements listed at DigitalGov's Checklist of Requirements for Federal Websites and Digital Services page including OMB M-05-04 “Policies for Federal Agency Public Websites" and OMB M-15-13, "Policy to Require Secure Connections across Federal Websites and Web Services" which requires all new federal websites to use a secure HTTPS connection.  Newly developed websites and services at all federal agency domains or sub-domains must adhere to the HTTPS requirement upon launch.
  4. All approved waiver requests will be reviewed annually by OMS and the CIO to ensure that the need for the waiver request is still valid and necessary.  During this review period, there will be an annual data call for EPA program and regional offices to report any EPA content not hosted within the EPA Web environment.  EPA offices that host EPA content outside of the EPA Web environment without an approved waiver, where a waiver is required, will need to come into full compliance immediately.  If compliance is not immediate, the CIO may request the applicable Assistant Administrator or Regional Administrator to remove the content.

Top of Page

Rationale

Rationale for Using the EPA Web Environment

EPA programs and regions must provide all their public information in the EPA Web environment.  The EPA website, www.epa.gov, is the primary source of EPA public information.  The Agency may also use third-party sites and social media tools to provide EPA information that is already available on the Agency website in other popular channels and formats.  EPA’s Web Environment is the official location for Agency public communications via the Web. EPA uses the EPA Web Environment to:
  • Provide the public with an Agency-wide content search capability.
  • Assure that EPA information is clear, consistent and approved for dissemination.
  • Aid in meeting Agency records management, analytics, and security requirements.
  • Protect the integrity and quality of EPA information.

Additionally, EPA cannot protect the confidentiality, integrity and availability of EPA information hosted outside of the EPA Web environment on servers over which it has no control.  Any EPA information on non-EPA domains and servers, however, needs protection comparable to that provided for the information hosted in the EPA Web environment comprising www.epa.gov.

Rationale for the Use of Waivers

Situations in which some EPA content or public information may need to be on an external domain outside of www.epa.gov or the EPA Web environment such as:
  • Some EPA information is solely on websites operated and maintained by a partnership, consortium, or interstate or international commission collaborating with an EPA program office through a formal agreement or mechanism, and the information cannot be easily separated according to its contributors. 
  • Situations where the OMS does not have the technical resources to provide a particular service required by a program office.

Top of Page

Exemptions

Social Media

The Agency may also use third-party sites and social media tools to provide EPA information in other popular channels and formats as per the Agency’s Social Media Policy and Social Media Guidance. In most cases, the EPA information should already be available on the EPA website. EPA’s YouTube Channel and EPA GeoPlatform are official EPA channels of EPA information that is not already available on the EPA website, but are the exceptions rather than the norm.

Top of Page

See Also

Top of Page

Related Governance Documents

EPA

Related Policies

Related Procedures

Related Standards

  • None

Related Guidance

  • None

Non-EPA

Paperwork Reduction Act (PRA) of 1980, as amended in 1995, requires agencies to provide for the dissemination of public information on a timely basis, on equitable terms, and in a manner that promotes the utility of the information to the public and makes effective use of information technology.

OMB Bulletin 95-01, Establishment of Government Information Locator Service (GILS), December 7, 1994, is designed to help the public and agencies locate and access information electronically throughout the U.S. government.

Top of Page

Full Metadata about This Standard

Name Ensuring EPA Public Content in the EPA Web Environment
Type Procedure
Required or Recommended Required 
Effective date 05/11/2016
Date approved 05/11/2016
Category Area Setup
Web Council review by 05/11/2019 (or earlier if deemed necessary by the Web Council) 
Governing Policy Web Governance and Management

Top of Page

 

Contact Us to ask a question, provide feedback, or report a problem.