Security

ScanGov security standards and guidance.

Why it matters

Strong defenses prevent hackers from stealing personal information, Social Security numbers, and other confidential government records.

Watch

Learn more about ScanGov Security:

Standards

Our Security standards.

Content security policy (CSP)

HTTP Strict Transport Security (HSTS)

security.txt

X-Content-Type-Options

Errors in the console

Clickjacking mitigation

Paste preventing inputs

Guidance

Guidance we use to build our Security standards.

CISA Website Security

21st Century Integrated Digital Experience Act

CISA Cybersecurity Performance Goals

Memorandum (M-23-22)

RFC 9116

OWASP Top 10

Indicators

Holistically addressing government digital experience.

AI-friendly

Accessibility

Content

Domain

Performance

SEO

Security

Social