IPv6, HTTPS, & Certificate Management
Overview
Cloud.gov enforces federal domain security standards:
- Dual-stack IPv4/IPv6 networking for external endpoints in AWS GovCloud (US), satisfying OMB M-21-07’s IPv6 transition mandate.
- High availability across multiple AZs: Application endpoints are load-balanced across multiple AWS GovCloud (US) Availability Zones for fault tolerance and automated failover.
- Mandatory HTTPS for all inbound and outbound traffic, with automatic HTTP→HTTPS redirects and HSTS headers per OMB M-15-13 requirements.
- FIPS-validated TLS termination at the platform edge using AWS security policies (ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04).
- Automated TLS certificate management via Let’s Encrypt’s ACME protocol, ensuring seamless issuance, renewal, and rotation across domains.
- Optional DNSSEC for custom domains to prevent DNS spoofing; once enabled by the customer, Cloud.gov serves signed records transparently.
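A customer-side check of the dual-stack, HTTP→HTTPS redirect and HSTS behaviour listed above, as an added example (not Cloud.gov's own code). It audits constructed observations instead of querying a live endpoint; the `obs` field names, the host `app.example.com` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value} (RFC 6797)."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:  # directive names are case-insensitive; the first occurrence wins
            directives.setdefault(name.lower(), val.strip().strip('"'))
    return directives

def audit_endpoint(obs):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Dual-stack: the name must resolve to at least one IPv4 and one IPv6 address.
    versions = {ipaddress.ip_address(a).version for a in obs["addresses"]}
    for v in (4, 6):
        if v not in versions:
            findings.append(f"no IPv{v} address published")
    # Plain HTTP must answer with a redirect to https:// on the same host.
    loc = urlsplit(obs.get("http_location") or "")
    if obs["http_status"] not in (301, 302, 307, 308):
        findings.append("HTTP request was not redirected")
    elif loc.scheme != "https" or (loc.hostname or "").lower() != obs["host"].lower():
        findings.append("HTTP redirect does not point to https:// on the same host")
    # HSTS must be present on the HTTPS response with a positive max-age
    # (max-age=0 tells browsers to forget the policy).
    headers = {k.lower(): v for k, v in obs["https_headers"].items()}
    max_age = parse_hsts(headers.get("strict-transport-security", "")).get("max-age", "")
    if not max_age.isdecimal() or int(max_age) == 0:
        findings.append("HSTS header missing or max-age is zero/invalid")
    return findings

# Constructed sample observations (documentation address ranges, not a real endpoint).
GOOD = {
    "host": "app.example.com",
    "addresses": ["192.0.2.10", "2001:db8::10"],
    "http_status": 301,
    "http_location": "https://app.example.com/",
    "https_headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
}
BAD = dict(GOOD, addresses=["192.0.2.10"], http_status=200, http_location=None,
           https_headers={"Strict-Transport-Security": "max-age=0"})

if __name__ == "__main__":
    for label, obs in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_endpoint(obs) or "all checks passed")
```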
Additional information about our TLS implementation and cipher suites can be found on our False Positives and Vulnerability Scanning page.
Customers should contact support@cloud.gov for any additional security or configuration questions.