Every Government Web Standards Audit check

Federal websites not using a .gov domain — or lacking documented agency approval for an alternative — are indistinguishable from phishing sites to the public. Citizens rely on .gov to verify legitimacy before submitting personal data or completing government transactions. The 21st Century IDEA Act (Sec. 3) and OMB M-23-22 both require .gov domains for federal public-facing sites. Missing or incomplete agency branding in header and footer compounds the risk: users cannot confirm the site belongs to the agency they intend to contact, undermining the trust that government services depend on.

Why this severity: Critical because a missing .gov domain or absent branding eliminates the primary trust signal citizens use to distinguish authentic government sites from impersonators, enabling phishing and eroding public confidence in legitimate services.

Every federal agency that operates a website must publish a privacy policy — it is a statutory requirement under the E-Government Act of 2002 (Section 208) and OMB M-17-06. Without one, citizens have no basis to understand how their PII is collected, stored, shared, or protected. Failure to reference OMB M-17-06 specifically signals the policy was written without awareness of federal obligations, leaving gaps around cookie disclosure, third-party analytics (DAP), and user rights that create compliance exposure and erode public trust. A generic or placeholder privacy page does not satisfy this requirement.

Why this severity: Critical because absent or federally non-compliant privacy policies violate the E-Government Act of 2002 and OMB M-17-06, exposing the agency to compliance findings and leaving citizens without legally required disclosures about their data.

Section 508 of the Rehabilitation Act and the 21st Century IDEA Act require federal websites to be accessible to people with disabilities. Publishing an accessibility statement is not optional — it is how agencies communicate their conformance status and give users with disabilities a path to request accommodations or report barriers. Without a statement that names a compliance level and provides at least two contact channels, users relying on assistive technology have no recourse when they hit access failures. Omitting this document also blocks WCAG 2.2 auditors from confirming whether conformance claims have been formally made.

Why this severity: High because a missing or content-free accessibility statement leaves users with disabilities without accommodation pathways and prevents external auditors from verifying the agency's Section 508 conformance claims.

Government websites are public-sector institutions, and citizens have a right to understand what an agency does, who leads it, and how it is structured before engaging with its services or submitting information. OMB M-23-22 and the 21st Century IDEA Act both require agencies to provide this institutional transparency. An about page without a substantive mission statement or leadership information signals either a placeholder site or an agency that has not completed its public-facing obligations — both undermine trust and fail the transparency standard that distinguishes government from commercial web presence.

Why this severity: High because an absent or content-thin About page fails the institutional transparency requirements of the 21st Century IDEA Act and OMB M-23-22, leaving citizens unable to verify agency identity or leadership before engaging with official services.

Federal agencies are legally obligated to provide the public with direct, accessible means of contact. The 21st Century IDEA Act (Sec. 3) and OMB M-23-22 both require agencies to offer multi-channel contact options — not just a form, but email, phone, or mailing address that citizens can use without relying on the website being functional. A contact page with only one method creates a single point of failure; users who cannot use web forms — due to accessibility needs, connectivity issues, or preference — have no alternative path to reach the agency.

Why this severity: High because a missing contact page or one with fewer than two contact methods violates the 21st Century IDEA Act's public accessibility requirements and leaves citizens — particularly those with disabilities or limited internet access — without a guaranteed path to agency services.

The Plain Writing Act of 2010 mandates that federal agencies use plain language in all public-facing documents and websites. Long, passive-voice sentences and unexplained jargon raise the cognitive load for all readers and functionally exclude people with lower literacy levels, non-native English speakers, and users accessing services under stress. When the average sentence exceeds 25 words, comprehension drops sharply for the majority of the U.S. adult population. Non-compliance with the Federal Plain Language Guidelines also signals systemic content governance failure — content that was never reviewed before publication.

Why this severity: High because content that violates the Plain Writing Act of 2010 and Federal Plain Language Guidelines actively prevents large segments of the public — including non-native English speakers and lower-literacy users — from understanding and using government services they are legally entitled to access.

WCAG 2.2 Success Criterion 2.4.2 requires that web pages have descriptive titles that identify their purpose — this is a Level A requirement, meaning it applies to all conformance levels including Section 508 compliance. Vague page titles like "Home" or framework defaults like "Create Next App" break screen reader navigation (users tab through open tabs by title), degrade search engine indexing, and prevent bookmark identification. For government sites with dozens of service pages, non-descriptive titles make the site unusable for the blind users who rely on page title as their primary navigation landmark.

Why this severity: Medium because non-descriptive page titles violate WCAG 2.2 SC 2.4.2 (Level A) and Section 508, degrading screen reader navigation and preventing users from distinguishing between open government pages without reading the full page content.

WCAG 2.2 Success Criteria 3.2.3 (Consistent Navigation, Level AA) and 3.2.4 (Consistent Identification, Level AA) require that navigation appearing on multiple pages uses the same order and labeling. Government sites frequently serve citizens across dozens of sessions — inconsistent navigation forces relearning on every visit and creates confusion that disproportionately affects users with cognitive disabilities. Broken navigation links (404s) from government pages also directly block citizens from accessing services they are legally entitled to use, and are among the most common failures in federal web audits.

Why this severity: Medium because inconsistent navigation across pages violates WCAG 2.2 SC 3.2.3 and 3.2.4 (Level AA), directly blocking users with cognitive disabilities from building the mental model needed to navigate government services reliably.

WCAG 2.2 SC 2.4.8 (Location, Level AAA) recommends breadcrumbs for sites with hierarchical structure — but for government sites with services organized 3–4 levels deep (e.g., `/services/health/insurance/dental`), breadcrumbs are a practical navigation necessity, not a luxury. Without them, users who land on a deep content page via search have no path back to parent sections, and users with cognitive or memory disabilities cannot orient themselves within the site. Federal sites with large service catalogs that lack breadcrumbs routinely show high exit rates on deep pages.

Why this severity: Info because breadcrumbs on deep hierarchical pages satisfy WCAG 2.2 SC 2.4.8 (Level AAA) and meaningfully reduce disorientation for screen reader and cognitive-disability users on government sites with complex service structures, but the violation does not block access outright.

OMB M-23-22 requires federal agencies to adopt the U.S. Web Design System (USWDS) to ensure a consistent, accessible, and trustworthy digital experience for the public. USWDS design tokens — spacing, color, and typography — encode Section 508 color contrast ratios and responsive scale decisions that would otherwise require individual agencies to re-solve. Without USWDS tokens, agencies typically build custom styles that fail color contrast (WCAG 1.4.3), use non-standard spacing that breaks on mobile, or adopt inconsistent typography that erodes the visual coherence citizens expect from .gov sites.

Why this severity: Medium because non-adoption of USWDS design tokens violates OMB M-23-22 guidance and typically introduces color contrast, spacing, or typography choices that breach WCAG 2.2 and Section 508, creating both compliance and accessibility failures across all pages.

The 21st Century IDEA Act (Sec. 3) explicitly requires all federal websites to be mobile-friendly, and WCAG 2.2 SC 1.3.4 prohibits restricting content to a single screen orientation. Government sites that render desktop-only layouts on mobile browsers exclude millions of users — the majority of U.S. residents now access federal services primarily via smartphone. A missing viewport meta tag is the single most common cause of mobile rendering failure and causes full-desktop layout to render at desktop scale on phone screens, making text illegible and forms unusable without pinch-zoom.

Why this severity: Medium because missing responsive design patterns or a viewport meta tag violates the 21st Century IDEA Act's mobile-friendly mandate and WCAG 2.2 SC 1.3.4, blocking mobile-primary users — a majority of government site visitors — from accessing services without error-prone manual zooming.

OMB M-23-22 requires federal agencies to use USWDS components — not just tokens — to create the consistent, trustworthy experience the public expects from .gov sites. Custom or third-party component libraries (Bootstrap, Material UI, shadcn) introduce component patterns that differ from the established federal design language, forcing citizens to re-learn interaction patterns when moving between agency sites. More critically, third-party components often fail USWDS accessibility validation: USWDS button, input, and alert components are built to Section 508 and WCAG 2.1 AA specifications that custom implementations routinely miss.

Why this severity: Low because using non-USWDS UI components violates OMB M-23-22's design system adoption requirement and frequently introduces accessibility regressions in buttons, form inputs, and alerts that USWDS components are specifically engineered to prevent, but the impact is incremental rather than blocking.

WCAG 2.2 SC 2.4.4 (Link Purpose in Context, Level A) and SC 2.4.9 (Link Purpose — Link Only, Level AAA) require that link text communicates destination or function without relying on surrounding context. Section 508 reinforces this at 1194.22. For screen reader users who navigate by tabbing through links, a list of "click here" or "read more" links is meaningless — they cannot determine which link to follow without reading all surrounding text. Government sites with dozens of service links that share generic labels create navigational dead ends for the blind and low-vision users those sites are legally required to serve.

Why this severity: Low because generic link labels violate WCAG 2.2 SC 2.4.4 (Level A) and Section 508, directly preventing screen reader users from navigating government service pages without laboriously reading surrounding context for every link encountered.

WCAG 2.2 SC 3.3.2 (Labels or Instructions, Level A) requires that form inputs provide clear labels, and SC 1.3.5 (Identify Input Purpose, Level AA) requires that fields collecting personal information be programmatically identifiable. Government forms that collect unnecessary fields create two compounding problems: they expose citizens to privacy risk (more PII collected than legally necessary), and they violate the principle of data minimization required by OMB M-17-06. Multi-step forms without progress indicators additionally violate WCAG 3.3 guidance and cause high abandonment — citizens who don't know how many steps remain often give up on benefit applications mid-way.

Why this severity: Low because poorly labeled form fields violate WCAG 2.2 SC 3.3.2 (Level A) and SC 1.3.5 (Level AA), while multi-step forms without progress indicators cause measurable abandonment of government benefit and service applications — but neither blocks form submission outright.

OMB M-17-06 requires that federal agencies participate in the Digital Analytics Program (DAP) to provide government-wide visibility into how citizens use federal web properties. DAP data informs funding decisions, identifies underserved populations, and powers analytics.usa.gov — the public dashboard of federal web traffic. A site without DAP installed contributes zero data to this shared federal analytics infrastructure, making it invisible in government-wide reporting and preventing OMB from tracking whether the agency's digital services meet performance standards. The absence of DAP also typically means the agency has no analytics at all.

Why this severity: Low because missing DAP tracking violates OMB M-17-06's analytics participation requirement and removes the site from government-wide digital service performance measurement, but does not directly expose citizens to privacy risk or block service access.

Section 508 of the Rehabilitation Act and the 21st Century IDEA Act require federal websites to be accessible, but self-attestation alone is insufficient for ongoing compliance. Annual third-party audits catch regressions that internal teams miss — new features, content updates, and framework upgrades routinely introduce WCAG failures that only appear in fresh manual testing. Without documented audit dates and findings, there is no evidence trail for oversight bodies or the public that the agency is actively maintaining its conformance claim. An outdated audit (more than 12 months old) means the accessibility statement is making claims that may no longer be true.

Why this severity: Info because absent or outdated third-party Section 508 audit documentation does not immediately block access for users, but it means the agency's conformance claims are unverified and potentially stale — creating accountability and legal exposure under Section 508's complaint process.

The 21st Century IDEA Act requires government websites to be searchable. For sites with 50+ pages or hierarchies 4 levels deep, navigation alone cannot surface content reliably — citizens searching for a specific benefit, regulation, or form cannot be expected to know which section of the site to browse. The absence of search on large government sites disproportionately affects citizens with lower digital literacy, who rely on keyword search rather than browsing navigation to find services. It also raises average time-on-task for all users and increases support call volume when citizens cannot self-serve.

Why this severity: Low because a missing search feature on a large or deeply hierarchical government site violates the 21st Century IDEA Act's searchability requirement and measurably increases task failure for citizens who cannot locate content through browse navigation alone.

Government sites publish policy changes, benefit deadlines, emergency guidance, and rulemaking updates that constituents and journalists need to track without repeatedly polling the homepage. Without an RSS feed or email subscription channel, citizens miss time-sensitive announcements, watchdog groups lose automated monitoring, and agencies force people back into social platforms they may not use. Offering machine-readable update feeds also supports findability for aggregators and accessibility tools that syndicate public-sector content.

Why this severity: Info because missing update channels reduces reach and transparency but does not break the site, expose data, or violate a specific mandate.