The FHFA Chief Information Officer should Identify and implement a solution, in coordination with vendors, for meeting BOD 18-01 requirements to ensure all publicly accessible endpoints provide service through a secure connection (HTTPS-only, with HSTS). If there are no viable solutions, document any risk-based decisions, including compensating controls, for publicly accessible websites that are not in compliance with DHS BOD 18-01.