Procedure: Protecting Content During Web Site Development

Note

All EPA public content pages and web applications are required to follow this standard. 

Procedure: Protecting Content During Web Site Development Brief Description

(see the full document below for details)

About this procedure

Required or Recommended: Required

Effective Date: 09/07/2006
Last approved Date: 10/11/2017

Full Document Metadata

This document outlines the procedures for development websites used to protect content from public access before management review and approval.

On this page:

Definitions

Development website: a page, set of pages, or application with draft code, content or design available to a restricted audience so that management and other interested parties can review the code, content or design before allowing public access. May also be known as staging or pre-production website.

Required Steps

  • Using the WebCMS:
    • If your content can be viewed by anyone in the Agency and you don’t have any sensitive files, you can create a draft page, pages, or web area in the WebCMS. A draft unpublished page or site can be shared with anyone at EPA: they can log in with their credentials (LAN ID/password or PIV card) to see it.
    • If you need people outside the Agency to review your content, you can use the external review function to protect the web pages. 
    • Uploaded files can be marked as Public or Private. Files marked private will not be available to anonymous readers. Mark the file as public when it is ready to be viewed by all. To make files private or public, see Sensitive (Private) vs Public Files.
  • Using another application:
    • All applications must have protected development, staging, or pre-production environments for testing new code and content. These environments must not be publicly available.

How To

Create a Password Protected Area on www3.epa.gov

Enable Password Protection for external review of WebCMS content pages

Sensitive (Private) vs Public Files

Examples

When WebCMS content is protected for external review, you will be asked for a user name and password:

log in menu

Rationale

This procedure protects EPA content intended for eventual public view before obtaining prior to management review and approval.  When developing new webpages or applications for public access, it is EPA’s practice to post these pages on a development site, sometimes for a short duration, for the following purposes:

  • data verification,
  • usability testing,
  • external partner input,
  • link checking, and
  • management review.

Some EPA offices use “staging” or “pre-production” servers to perform these functions. These servers are in continuous operation and might be enabled for public access. In addition, some offices use temporary areas on EPA's web server or on the Intranet server. In all cases, it is necessary to prevent the public from viewing EPA information not yet approved for publication on the Web.

Exemptions

No waivers for EPA Internet sites will be granted.
The intranet is automatically protected against public viewing, so no additional protection is necessary for developmental sites on the Intranet.

See Also

None

Related Governance Documents

EPA

Related Policies

  • None

Related Procedures

Related Standards

  • None

Related Guidance

  • None

Non-EPA

  • None

Full Metadata about this standard

Name Protecting Content during Web Site Development
Type Procedure
Required or Recommended Required 
Effective date 09/07/2006
Original Date approved 08/16/2006
Last Date approved 04/10/2024
Category Area Setup
Web Council review by 04/10/27 (or earlier if deemed necessary by the Web Council) 
Governing Policy Web Governance and Management

Web Policies and Procedures

Contact Us About Web Policies and Procedures
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on April 10, 2024