Procedure: Hosting EPA Public Content on the EPA Environment

Brief Description

About this procedure

Required or Recommended: Required

Effective Date: 05/11/2016

Full Document Metadata

EPA public information must be hosted in the EPA web environment unless a waiver is in place.  This document describes the requirements as they apply to various types of EPA Web content and hosting options, including how to request a waiver.  This procedure does not apply to social media.

On this page:
Note

Thinking about requesting a new .gov domain (not a new EPA program page or EPA-level subdomain)? Read the Procedure: Obtaining a Dot Gov Domain.

Definitions

EPA public information: regulatory and programmatic Agency public communications including, but not limited to, general information, program actions and activities, regulations, and educational materials that are freely accessible to the public.

EPA Web environment: Publicly accessible servers owned, leased, or operated by the Office of Mission Support (OMS), including Agency Cloud Services. These servers use the epa.gov domain and provide 24x7 access to EPA’s public information.

Agency Cloud Services: Web and application hosting services provided by OMS in one of its on-site private cloud hosting environments or at an OMS-sanctioned third-party data center. Agency cloud services are procured, managed or vetted by OMS and include the capability to provide an epa.gov domain name. Information hosted on agency cloud services are considered to be part of EPA's web environment.

EPA-Owned Domain: EPA owns the domain or sub-domain name no matter where it is hosted. Examples include energystar.gov and airnow.gov. These sites must comply with all EPA and federal web management requirements unless a waiver is granted.

EPA-hosted site, including epa.gov subdomains: EPA hosts the site on EPA-authorized servers no matter who owns the domain. These usually are subdomains like echo.epa.gov or CDX.epa.gov. These sites must comply with all EPA and federal web management requirements.

Non-OMS Sanctioned Third-Party Cloud Service Provider: Web and application hosting services obtained through a third-party provider that are not procured, owned, vetted, operated or maintained by OMS.

www.epa.gov: The EPA's primary public access website that provides publicly accessible information.

National Computer Center (NCC): The NCC is EPA’s primary data center located in Research Triangle Park, NC. It is operated by the Office of Mission Support.  Sites hosted at the NCC are considered part of the EPA Web environment.

FISMA: The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law as part of the Electronic Government Act of 2002.

FedRAMP: The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Partnership site: A site that EPA funds but it is not hosted in the EPA Web environment.  These usually are sites funded through grants and cooperative agreements. These sites must comply with Binding Operative Directives like BOD-18-01, accessibility requirements, and plain language directives.

Mirrored Site: Information that is offered in EPA's Web environment that has been copied or mirrored to other sites (e.g., universities or other non-governmental organizations) in the past.  This is not allowed.  Other entities should link to EPA’s content, not mirror it. 

Required Steps

All EPA Public Access Information

  1. Host all EPA public information in the EPA Web environment. The primary source for publishing EPA information is the Drupal-based Web Content Management System at www.epa.gov.
  2. All EPA public information that is hosted outside of the EPA Web environment requires additional steps depending on the type of content. This procedure identifies the required steps necessary to publish and maintain a website according to its location and purpose:
    • Partnership sites hosted outside of the EPA Web environment and funded by EPA.
    • Content mirrored on other non-epa.gov websites is not allowed.
    • Content Related to Conferences Sponsored Only by EPA
    • Content Related to Conferences Co-sponsored by EPA and Other Organizations
    • Code in EPA's GitHub account

Partnership Sites, which are sites hosted outside the EPA environment but funded by EPA, usually through grants or cooperative agreements

  1. Require a waiver using the “ Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment (docx) (34.9 KB) ” template
  2. Must ensure that the websites are:
    • Hosted on a FedRAMP or FISMA-compliant hosting platform
    • Provided via a secure HTTPS connection,
    • Contain appropriate security and privacy protection procedures and,
    • Comply with accessibility requirements for persons with disabilities set forth in Section 508 or the Rehabilitation Act of 1973.
  3. Additional note on partnership sites: It is strongly recommended that the joint website include a disclaimer stating that the information is drawn from multiple sources, i.e., EPA, et al., and suggest that the viewer examine the information in its original context, if that is possible. Provide directions to any original information.

Content for EPA-Only Sponsored Conferences, Meetings and Training Events

  1. Require a waiver unless entirely hosted within the epa.gov domain. Request a waiver using the " Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment (docx) (34.9 KB) "
  2. EPA utilizes conferencing tools such as Zoom and Teams, which allow for a customized registration page. Please refer to the Conferences and Meetings page for requirements on registration pages for these events
  3. If credit card information is required for registration, then only the registration pages and the associated pages (e.g., registration, error messages, receipts, confirmation for credit card information) can be hosted outside of the EPA domain without a waiver. Follow these additional steps:
    1. Use the same look and feel on the registration and associated pages as the other conference pages.
    2. Alert visitors by stating on the registration page: "Registration information is collected by XYZ Corp. under contract to EPA." or similar language.
    3. For tracking and reporting purposes, complete the “Notification of EPA Content Hosted Outside of EPA Web Environment” form and submit to the Web Council’s National Infrastructure Manager.

Content Related to Conferences, Meetings and Training Events Co-Sponsored by EPA and Other Organizations

If an EPA program or regional office co-sponsors an event with another federal agency or an outside organization and wants to host the entire event website outside of the EPA domain, follow these steps:

For Co-Sponsorship with Other Federal Agencies

  1. Require a waiver. Request a waiver using the " Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment (docx) (34.9 KB) " if the website is not hosted on the EPA domain or the partnering federal agency’s dot-gov domain.
  2. EPA must work with other federal agencies to ensure that the conference website:
    • is provided via a secure HTTPS connection,
    • contains appropriate security and privacy protection procedures, and
    • complies with accessibility requirements for persons with disabilities as set forth in Section 508 of the Rehabilitation Act of 1973.

For Co-Sponsorship with Non-Federal Organizations

  1. If EPA will be co-sponsoring a conference, meeting, webinar or other event, then the program office must first enter into a co-sponsorship agreement with the non-federal partner. These agreements must be reviewed by the Office of General Counsel. Doing so ensures that EPA can legally carry out its obligations and accept any services or assistance from the non-federal entity.  The sponsoring program office must work with the non-federal organization to ensure that the legal standards for joint sponsorship of conferences are followed as set forth in Ethics Advisory 96-15 (PDF)(6 pp, 32 K, About PDF).
  2. Requires a waiver. Request a waiver using the " Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment (docx) (34.9 KB) " if the website is not hosted on the EPA domain.
  3. The requesting office must be prepared to provide a copy of the signed co-sponsorship agreement upon request.
  4. EPA must work with its non-federal partners to ensure that the conference website:
    • is provided via a secure HTTPS connection,
    • contains appropriate security and privacy protection procedures and,
    • complies with accessibility requirements for persons with disabilities as set forth in Section 508 of the Rehabilitation Act of 1973.

Additional note on partnership sites: It is strongly recommended that the joint website include a disclaimer stating that the information is drawn from multiple sources, i.e., EPA, et al., and suggest that the viewer examine the information in its original context, if that is possible. Provide directions to any original information.

Code in EPA's GitHub account

EPA's open source code must be hosted in EPA's GitHub account: GitHub.com/USEPA . A copy of all EPA open source code in GitHub also must be hosted in EPA's Bitbucket account. See EPA's Open Source Code Guidance 

  1. A waiver is not required.
  2. Follow instructions in EPA's Open Source Code Guidance.
  3. Do not use Github’s Pages functionality to host EPA content.

Required Steps to Obtain Waivers

  1. Request a waiver using the " Format for Memo Requesting a Waiver to Host Content Outside of EPA Web Environment (docx) (34.9 KB)
  2. The waiver must be sent by a Senior Information Officer (SIO) or an Office Director to the Web Council’s National Infrastructure Manager who will forward to the Agency's Chief Information Officer (CIO) through the OMS Office Director.
  3. The office must be able to attest in the waiver request that they have met the federal requirements listed at DigitalGov's Checklist of Requirements for Federal Websites and Digital Services page including OMB M-17-06, "Policies for Federal Agency Public Websites and Digital Services (PDF)"(18pp, 1.2MB, Nov. 2016), OMB M-15-13, "Policy to Require Secure Connections across Federal Websites and Web Services (PDF)" (5pp, 258K, June 2015), DHS BOD-18-01, “Enhance Email and Web Security (PDF)", (4pp, 240K, Oct 2017), 21st Century Integrated Digital Experience Act, and U.S. Web Design System which requires all new federal websites to use a secure HTTPS connection.  Newly developed websites and services at all federal agency domains or sub-domains must adhere to the HTTPS requirement upon launch.
  4. All approved waiver requests will be reviewed periodically to ensure that the need for the waiver request is still valid and necessary. During this review period, there will be an annual data call for EPA program and regional offices to report any EPA content not hosted within the EPA Web environment. EPA offices that host EPA content outside of the EPA Web environment without an approved waiver, where a waiver is required, will need to come into full compliance immediately. If compliance is not immediate, the CIO may request the applicable Assistant Administrator or Regional Administrator to remove the content.

Rationale

Rationale for Using the EPA Web Environment

EPA programs and regions must provide all their public information in the EPA Web environment. The EPA website, www.epa.gov, is the primary source of EPA public information.  EPA’s Web Environment is the official location for Agency public communications via the Web. EPA uses the EPA Web Environment to:
  • Provide the public with an Agency-wide content search capability.
  • Assure that EPA information is clear, consistent and approved for dissemination.
  • Aid in meeting Agency records management, analytics, and security requirements.
  • Protect the integrity and quality of EPA information.

Additionally, EPA cannot protect the confidentiality, integrity and availability of EPA information hosted outside of the EPA Web environment on servers over which it has no control. Any EPA information on non-EPA domains and servers, however, needs protection comparable to that provided for the information hosted in the EPA Web environment comprising www.epa.gov.

Rationale for the Use of Waivers

Situations in which some EPA content or public information may need to be on an external domain outside of www.epa.gov or the EPA Web environment such as:
  • Some EPA information is solely on websites operated and maintained by a partnership, consortium, or interstate or international commission collaborating with an EPA program office through a formal agreement or mechanism, and the information cannot be easily separated according to its contributors.
  • Situations where OMS does not have the technical resources to provide a particular service required by a program office.

Exemptions

Social Media

The Agency may also use third-party sites and social media tools to provide EPA information in other popular channels and formats as per the Agency’s Social Media Policy and Social Media Guidance. In most cases, the EPA information should already be available on the EPA website. EPA’s YouTube Channel and EPA GeoPlatform are official EPA channels of EPA information that is not already available on the EPA website but are the exceptions rather than the norm.

See Also

Related Governance Documents

EPA

Related Policies

Related Procedures

Related Standards

  • None

Related Guidance

Non-EPA

Full Metadata about This Standard

Name Hosting EPA Public Content on the EPA Environment
Type Procedure
Required or Recommended Required
Effective date 05/11/2016
Date approved 9/11/2024
Category Area Setup
Web Council review by 9/11/2027 (or earlier if deemed necessary by the Web Council) 
Governing Policy Web Governance and Management

Web Policies and Procedures

Contact Us About Web Policies and Procedures
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on September 11, 2024