For Immediate Release
Contact: DotGov Helpdesk
Gov Internet Domain Policy Update
Updated Procedures and Security Measures
(Washington, DC) – The General Services Administration (GSA) operates the Internet Gov Domain for the Federal, State and Local governments, and Native Sovereign Nations. “The Internet Gov Domain Policy and Guidelines” document has been updated and is located on www.nic.gov and www.dotgov.gov in the reference section. Included in the document are the authority, history and background, and roles and responsibilities of the Domain Policy Authority (DPA), Registry and Registration Authority (RRA) and User Registrant (UR).
GSA is the Internet Gov Domain owner and DPA that ensures operational management is in compliance with policy. The responsibilities are divided between the Policy group and Operations group. This will provide registrants more information and answer many questions about registering and operating a second level Internet domain. The domain is a ‘Fee for Service’ program, and operates from the annual fees collected.
UR Roles and Responsibilities – One additional Point of Contact (POC) has been included in the registration process. The additional POC is the Authorizing Authority (AA) for the UR. The AA is the highest official in the jurisdiction that authorizes the domain to operate. For Federal Agency domains, the AA is the CIO. For State level domains, the AA is the Governor or their appointed CIO or representative. The AA for local governments and Native Sovereign Nations is the highest official. This information is necessary for 24/7 contact capability and issue resolution. Because of lessons learned during earlier incidents of service outages, we are including the required controls and phone numbers for:
Alternate Authorizing Authority
Not the same person
Not the same phone number and email address
Prefer a few different offices
One of the numbers should be a cell phone or other phone number that is answered outside of normal business hours.
DNS Hosting and Management- It is the UR’s responsibility to ensure that their Gov domain operation is hosted in a trusted DNS environment. Take precautions to select a quality service provider and plan for service outages, cyber attacks and continuity of operations.
Security and Incident Reporting – The UR should contact the Registrar / Helpdesk and report incidents involving the unauthorized intentional access or unauthorized intentional damage, modification, destruction, redirection from intended site or damage to an Internet Gov domain. The registrar will report the action to the US-CERT for action.
Escalation Procedures – A remediation process for content violations has been put in place to help domain owners avoid service disruptions. Operating procedures have been modified to make sure that a URL is not suspended without GSA senior executive approval.
Go Green – In the spirit of conservation, local governments can now request a second domain for their city / county centered on green or conservation initiatives.
Example: GreenDenverCo.gov or GreenDenver-CO.gov.
Be Ready – In coordination with the Department of Homeland Security efforts, cities and counties can now request a second domain for emergency preparedness.
Example: ReadyHoustonTx.gov or ReadyHouston-TX.gov.