Procedure: Protecting Content During Web Site Development Brief Description

(see the full document below for details)

This document outlines the procedures for restricting developmental Web sites in order to protect EPA information intended for the World Wide Web from public view prior to management review and approval.

On this page:

• Definitions
• Requirements
  • Content: none
  • Style: none
  • Required steps
• How to
• Examples
• Rationale
• Exemptions
• See also
• Related governance documents

• Full metadata about this standard

Definitions

Developmental Web site: a page or set of pages with draft content or design being prepared for public access on the Internet, and available to a restricted audience so that management and other interested parties can review their content or design.

Required Steps

• If your content pages can be viewed by anyone in the Agency and you don’t have any sensitive files, you can create a draft site in the webcms.  A draft unpublished site can be shared with anyone at EPA, but they have to log in with their LAN ID and PW to see it.
•  If you need your content and files to be 100% internal to EPA staff and privileged business partners only:
  • Create a developmental Web site for draft work on the EPA Intranet 
• If you need your content and files to be reviewable by people outside of the Agency:
  • Create a developmental Web site for draft work in the webcms and use the password protection for external review (shield) function to protect the web pages, however any files uploaded to the site will not be protected by the shield ID and Password . Once a file is uploaded to the webcms file system, it is in public access and findable if you know the exact location.
  • If you also need explicit sensitive file protection, create a developmental Web site for draft work on www3.epa.gov that is password protected. www3 password protection includes file protection by ID and password.

How To

Creating a Password Protected Area on www3.epa.gov

Password Protection for external review for webcms content pages

Handling Sensitive Files

Top of Page

Examples

When content is protected for external review, you will be asked for a user name and password:

Rationale

This procedure protects EPA information intended for the World Wide Web from public view prior to management review and approval.  When developing new Web pages for public access, it is EPA’s practice to post these pages on a developmental site, sometimes of short duration, for the following purposes:

data verification,

usability testing,

external partner input, 

link checking, and

management review.

Some EPA offices use “staging” or “pre-production” servers to perform these functions. These servers are in continuous operation and might be connected to the World Wide Web. In addition, some offices use temporary areas on EPA's Web server or on the Intranet server. In both cases, it is necessary to prevent the public from viewing EPA information not yet approved for publication on the Web.

Top of Page

Exemptions

No waivers for EPA Internet sites. The intranet is automatically protected against public viewing, so no additional protection is necessary for developmental sites on the Intranet.

See Also

None

Related Governance Documents

EPA

Related Policies

• None

Related Procedures

• Complying with epa.gov “Look and Feel”
• Ensuring Access to EPA Information on EPA Servers

Related Standards

• None

Related Guidance

• None

Non-EPA

Full Metadata about this standard

Name Protecting Content during Web Site Development
Type Procedure
Required or Recommended Required 
Effective date 09/07/2006
Original Date approved 08/16/2006
Last Date approved 10/11/2017
Category Area Setup
Web Council review by 10/16/2020 (or earlier if deemed necessary by the Web Council) 
Governing Policy Web Governance and Management

Top of Page