Websites are an essential tool for government to interact with the public and deliver information and services to California residents.
The Website Standards policy is designed to strengthen the security, usability, accessibility and quality of State of California websites through standardization and adoption of best practices. This policy will foster a consistent look and feel and a common navigational framework across government, helping users recognize they are accessing official State of California information. This policy also encourages Agencies/state entity’s to design and develop websites that are accessible to people with disabilities and promotes the adoption of usability principles that adhere to California’s usability standards for website development.
A summary of the policy is outlined below. You can find the Technology Letter on the California Department of Technology website and refer to the details of the policy in SAM 5190.1 and SAM 5190.2
Websites shall include a strong brand presence for the State of California and the Agency/state entity. The use of consistent design elements will help promote a standard look-and-feel while also improving the overall user experience.
Header – The header provides a consistent, seamless look-and-feel to the State’s web presence. The header elements are:
State Branding – The CA.GOV logo shall be placed in the top left corner of the header area inside a horizontal band that is at least 40 pixels high. The CA.GOV logo must be at least 34 pixels high and contain a hyperlink to the CA.GOV web portal. A hypertext only link is not permitted in place of the hyperlinked graphic logo image.
Agency/state entity Branding – An Agency/state entity logo must be used for identification. The logo must be clear and contain legible text. When an Agency/state entity logo is not available, the state seal should be used in its place followed by the Agency/state entity title.
Navigation – Provide a direct link to the most utilized landing pages or services within the website. Ensure link names are clear and concise and accurately represent the destination content. Ensure that the primary and secondary navigational elements are consistent and provides navigation on all web pages throughout the website.
Search – A search button or hyperlink must be present inside the main navigation or header area.
Content Area – The content area in the Agency/state entity’s homepage provides a space for Agencies/state entities to include program specific content using a variety of elements and layouts.
Main Content – Agency/state entity’s essential programs or digital service offerings targeting California residents, visitors, businesses, and government entities. Digital services include the delivery of digital information (e.g., data or content) and transactional services (e.g., online forms, benefits applications) across a variety of platforms, devices, and delivery mechanisms (e.g., websites, mobile applications, and social media).
Main Content – Link to Governor’s website.
Footer – The footer must appear at the bottom of all Agency/state entity web pages.
Link to Agency/state entity’s Conditions of Use specific to the published website.
Contact information or link to contact information of the Agency/state entity that owns the website so there is no question as to which Agency/state entity the user may contact.
Online Voter Registration hyperlink to the California Secretary of State’s Online Voter Registration webpage.
Link to user visible sitemap which presents a systematic hierarchical view of the website.
Link to Website Accessibility Certification, see SAM Section 4833.2.
All Agencies/entities are responsible for ensuring their public websites are accessible to people with disabilities.
IT Accessibility Guidelines – All Agency/State entity websites must comply with web accessibility guidelines defined in SIMM Section 25 IT Accessibility Resource Guide.
Accessibility Page – All Agency/state entity websites must include information regarding accessibility features and resources pertinent to the Agency/state entity website.
CA.gov Domain Names and State Entity Profile
Per SAM Section 5195, web domains occupying the CA.GOV domain zone must comply with domain name requirements outlined in , SAM 5195.1. Please see SIMM Section 40A for additional information on naming conventions and protocols. Key elements of domain name policy compliance shall include:
Domain Name Certification – All entities that use the CA.GOV web domain are required to annually certify compliance with state and federal policy and guidelines and confirm that domain contact information is current through the CDT Domain Name Request System.
Agency/state Entity Profile – All Agencies/state entities that use the CA.GOV domain are required to annually verify the accuracy of their Agency/state entity profile through the CDT State Entity Profile Application.
CDT Domain Name Request System
All public facing websites and digital services should be designed around user needs with data-driven analysis influencing management and development decisions. Agencies/state entities should use qualitative and quantitative data to determine user goals, needs, and behaviors, and continually test websites and digital services to ensure that user needs are addressed.
Responsive Design – Ensure public websites and digital services are readily available to users on various devices and platforms. Websites must leverage responsive and adaptive capabilities that allow users of mobile devices, of varying sizes, equivalent access to government information and services available to desktop devices. ·
User Feedback – Leverage user feedback and analytics to prioritize the modernization and optimization of legacy websites and digital services that are most frequently accessed by users.
Usability Principles – Leverage State web usability principles and standards featured at WebStandards.ca.gov and Federal principles featured at usability.gov
Agencies/state entities must protect user privacy, data integrity and sensitive information.
Transport Layer Security – Websites shall, at minimum, use Transport Layer Security (TLS) certificates (formerly referred to as Secure Socket Layer (SSL) certificates) that adhere to a minimum Secure Hash Algorithm (SHA) 2 and 2048- bit key encryption. At minimum the full Agency/state entity name shall be provided as the “unit” for TLS certificate purposes. The contact person(s) named in a TLS certificate must be consistent with the contact(s) registered for the domain. Agency/state entities shall verify contacts are consistent as part of the annual Domain Name Certification process, see SAM Section 5195.
Extended Validation – Websites that process, store or transmit financial transactions and/or Personal Information, as defined by Civil Code Section 1798.3, shall use an Extended Validation (EV) TLS certificate.
Information Security Resources
Obtain a Certificate (current CDT customers)
*If you do not have a CDT Remedy account but would like an SSL certificate for your ca.gov website, please contact the CDT Service Desk at 916-464-4311.
Agencies/state entities must participate in statewide analytics by deploying the statewide analytics tracking code on all public-facing websites. Participation in statewide analytics does not preclude Agency/state entities from using other analytics programs.
Join us in building the statewide web resource you expect and deserve.
We encourage your feedback and suggestions!