This page describes the requirements for developing Web applications for EERE sites. These are required for all public applications, including those hosted on partnership sites or those hosted on the EERE servers.
Submitting your Project to the Web Governance Team
If you want to develop a Web application, you will need to submit your project to the Web Governance Team and follow the process explained on the Process and Approvals page.
If your application will include a sign-in form that requires users to log in, you will need to fill out an E-Authentication Risk Assessment form. You should inform the Web Governance Team that you are filling out the form for your project. Contact Dennis Bartlett for questions about the form.
All EERE applications must be hosted in an environment that meets DOE's requirements for Certification and Accreditation (C&A). Approved hosting environments are:
- The EERE centralized Web site hosting environment
- The EERE Web hosting environment at the National Renewable Energy Laboratory.
- Other hosting environments that have received Certification and Accreditation (with preapproval from EERE Web Enterprise Manager.)
Supported Databases and Application Languages
Web applications should be coded using technologies that conform to the current hosting environment. Applications should not include third-party plug-ins that need to be installed on the Web server itself. Front-end Web application languages that are supported are:
- ASP v3.0
- NET (3.5) (VB.NET, ASP.NET, or C#)
- Drupal and PHP 5
Databases must be in Microsoft SQL Server (2000 / 2008 / 2012 and MySQL) format.
If you have any questions about supported applications or databases, contact Michael Thomas.
All EERE applications must use a ".gov" domain per the requirements of the Office of Management and Budget.
EERE is in the process of developing specific domain guidelines for EERE applications. See EERE's domain and URL standards.
If you want your application to be searchable in EERE's search tool, Ultraseek, contact the EERE Template Coordinator for information on how Ultraseek indexes dynamic URLs.
Designing for the EERE Identity
Applications should be in the EERE template. See an example on the AFDC website.
- Include the standard EERE footer.
- Apply the EERE navigation standards when it is appropriate to do so
- Use dynamic navigation if needed.
Applications can either be standalone sites, integrated into a larger site, and/or be linked via a pop-up window.
All applications must use the EERE style sheet. Styles may be added for elements not included in the master EERE style sheet. However, they should also reflect established standards.
Technical standards for static Web pages also apply to Web applications. These include, but are not limited to, standards for data tables, forms, and HTML syntax.
One exception to these standards for Web applications is the inclusion of a printable version. While printable versions are considered a best practice, they are not required for Web applications.
Web applications must also adhere to a special set of standards written specifically for dynamic applications. These include:
- Working in the standard browser set
- Meeting Section 508 and OMB guidelines for scripts, applets, and dynamic pages
The U.S. Department of Energy Office of the Chief Information Officer requires that public Web applications are not vulnerable to cyber security threats. Before a Web application can be sent live, it must be scanned with a Web application security assessment tool such as IBM's Rational Appscan. Any security issues found must be fixed prior to going live. After the application is live, the application should be scanned whenever there is a vulnerability update for the tool and be remediated as needed. In the absence of a vulnerability update, the application must be scanned at least once per year.