Gov Internet Program Guidelines
This overview of Gov Internet domain registration requirements is meant to further explain and clarify some sections of the Federal Policy about registering second-level Gov Internet domains. The Federal Policy on Gov Internet domains focuses on purpose and jurisdiction.
A complete overview with formal policy is available on the registration policy website under the Policy and Registration tabs. The document includes Background, Policy, Guidelines, and 41 CFR 102-173 naming policy for Gov Internet Domains.
The Gov Internet domain facilitates collaboration among government-to-government, government-to-business, and government-to-citizen entities. The domain hosts only official, government sites at the federal, state and local levels of government, including federally recognized Indian tribes and Alaskan Native groups, known as Native Sovereign Nations (NSNs). The Gov Internet domain provides the official and trusted Internet presence for these government entities.
Every Gov Internet domain name application is carefully examined to ensure domain names requested will not create misunderstandings about the purpose of domains and their Web site content. GSA arbitrates domain name issues and reserves the right to deny domain name requests that do not adequately meet requirements. All domain requests and requests for exception to policy will come from the CIO for Federal and State level domains. Exception to policy requests for Local governments will originate from the Authorizing Authority (AA) only. Th eAA is th ehighest elected official (Mayor, County / Parish Supervisor), that authorizes the domain to operate and contain information reference to their government resonsibilities.
For further assistance with domain names and eligibility requirements, please refer to the Support sections or call the Help Desk toll free at (877) 734-4688 or firstname.lastname@example.org.
- Guidelines for All Second Level Gov Internet Domains
The following applies to all Gov Internet domains:
No non-Government Advertisements: A Gov Internet domain may not be used to advertise for private individuals, firms, or corporations, or imply in any manner that the government endorses or favors any specific commercial product, commodity, or service.
No Political or Campaign Information: The Gov Internet domain is for the operation of government, not the political, political party, or campaign environment. No campaigning can be done using .gov domains. The Gov Internet domain websites may not be directly linked to or refer to websites created or operated by a campaign or any campaign entity or committee. No political sites or party names or acronyms can be used. Separate wesbites and e-mail on other top-level domains (TLDs), such as .org, will have to be used for political activity.
Naming Conventions: Naming-convention rules are described in detail in the Federal Policy (41 CFR 102-173). Thousands of names, programs, and general terms are used in Gov Internet domains. The following is a summary of naming-convention rules:
No General Domain Names: General terms alone such as "licenses," "recreation," and "benefits" are not allowed because they do not represent a specific enough origin and service. However, a domain name such as "MarylandRecreation.gov" is allowed (assuming that domain is authorized by either Maryland's Chief Information Officer or the Governor of Maryland).
State Postal Codes: All state and local second-level Gov Internet domains must include the two-letter state acronym or spell out the state name. Additional naming conventions apply for local entities, such as cities, towns, counties, territories, and parishes.
Examples: UtahGovernor.gov, ColoradoDOT.gov, NJRecycling.gov, FloridaHeathDepartment.gov
Eligibility Period: All Gov Internet domains are registered for a 1-year eligibility period. During this period, a review of eligibility and administrative information is required. If necessary, the Gov Internet Registrar will contact the points of contact (POCs) for domains. Please keep POC information up to date. The Gov Internet Registrar may request an updated authorization letter, updated Domain Name Server (DNS) information, or other information. This information enables the government to ensure Gov Internet domains provide secure, official Web sites and promotes the best possible service to the general public.
Link Change Notification: When a link on a Gov Internet domain makes the user leave a Gov Internet website, a notification or screen (i.e., a splash message) should alert users that they are leaving the official Gov Internet domain page.
Privacy and Use Policy: Domains should adhere to appropriate level of policies in reference to personal information usage for their domain.
Domain Suspension: Organizations that operate Web sites that are not in compliance with the Gov Internet conditions of use may have their domain name suspended or experience operational issues or terminated based on the severity of the issue. There are two levels of incidents:
Critical - Content restriction on the Gov Internet Domain does not allow criminal activities or obscene images, inappropriate sexually oriented material, or extremist material to be displayed or sent to system users. This material being accessed through a Gov domain URL could result in an expedient suspension. A process for resolution with escalation procedures is in place with the RRA. The RRA will contact the registration points of contacts (POCs) and the Authorizing Authority (AA) advising them of an imminent domain suspension. The AA is the CIO for Federal level domains. The Authorizing Authority (AA), for State and Local governments and Native Sovereign Nations is the highest IT official or highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities.
Administrative - Domains that have content with advertising materials, political or campaign information, substantial incorrect information, inappropriate web links (i.e. to sites that violate content policy), and incorrect redirects are not in compliance or not consistent with original intent or approved purpose. The domain POCs will be contacted by the RRA to get issues resolved. The expectation is these administrative compliance issues are handled in a timely manner and suspension is reserved as a last resort.
The actual suspension of a domain without concurrence of a registrant requires the internal GSA approval at the Senior Executive level. Generally, for GSA initiated suspensions, the suspension will become effective 3 hours to 24 hours after notification of the points of contacts (POCs), depending on the severity of the issue. The notification of the contacts is the time at which one of the domain points of contact (POCs) is contacted or the time that the voice and email messages are sent to all contacts, whichever is first. This provides an opportunity for the registrant to remediate the issue to avoid suspension. The RRA will review the site to see if the policy violation has been remediated prior to the suspension.
Account Information: It is the registrant's responsibility to provide all requested information and keep all account information current; to include POC information, DNS information. It is the registrant's responsibility to ensure the account is paid in full each year. Government domains / websites can be very large, complex, and support important business operations. The process to address policy violations will allow for coordination across organizational boundaries and involve persons with the authority to make decisions on the appropriate course of action and in the timeframe required. The Administrative POC is the person who controls the content of the domain and is the manager of the operations of the domain. The Technical POC is the person that operates the DNS and takes care of the technical operations such as security patches. The Billing POC is the person that pays for the domain. The Authorizing Authority (AA) is the highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities. The AA for Federal Agency domains is the CIO. The AA for State level domains is the Governor or their appointed CIO. The AA for local governments and Native Sovereign Nations is the highest elected official or the highest IT official.
Security: Security incident notification procedures:
The RRA shall notify the US-CERT of all incidents involving the intentional unauthorized access or unauthorized intentional damage to, modification, destruction or damage to a Gov Internet domain. The Administrative POC will be notified and involved to assist in the US-CERT investigation and report.
Information received about incidents described in (a) above shall be considered confidential and shall not be disclosed to the public.
- Federally Sponsored Domain Guidelines
The following applies only to federal Gov Internet domains:
CIO Authorization: All Federal Agency domain requests must come from the Chief Information Officer of the Federal Agency. See www.cio.gov for a complete list of federal-agency CIOs. (Note: This link will open a new browser window and leave this site.)
Section 508 Compliance: All Federal Agency websites must be in compliance with Section 508 of the Rehabilitation Act. (Note: This link will open a new browser window and leave this site.)
Congressional Domain Requests: All legislative requests from the Legislative Branch (Congress) of the Federal Government for second-level Gov Internet domains will go through the Senate Office of Information Resources or the House Information Resource Office prior to registering on the Gov Internet domain.
Federal Court Domain Requests: All federal court Gov Internet domains are linked to uscourts.gov and authorized by the Office of Government wide Policy. See http://app.comm.uscourts.gov/. (Note: This link will open a new browser window and leave this site.)
NSN Domain Requests: All Native Sovereign Nations domains are coordinated with the following Chief Information Officer representative:
Bureau of Indian Affairs
Office of Information Development
Attn: Angel Goldtooth, Imelda Tapang,
- State-Sponsored Domain Guidelines
CIO or Governor Authorization: Governors or the governor-appointed state chief information officers must sign authorization letters for all state domain requests. To verify the identity of your state CIO, refer to www.nascio.org. (Note: This link will open a new browser window and leave this site.)
State Name or Postal Code: To register any second-level Gov Internet domain, state governments must register either the full state name or clearly indicate the state postal code at the beginning or end of the domain name. Use of a hyphen is not recommended but optional. Examples of state domain names are the following:
There will be no obscure State names or postal codes: Use of the state postal code should not be embedded within a single word in a way that obscures the postal code. For example, "Information.gov" for Indiana (IN) or "Forests.gov" for Oregon (OR) are unacceptable. See the following paragraph in the Federal Policy for more about this rule: .Valid examples are the following:
Unlimited State-Level Domains: The state CIO and governor can register an unlimited number of second-level Gov Internet domains (e.g., Georgia.gov, GA.gov, MyGeorgia.gov, NewGeorgia.gov, etc.).
State Courts/State Legislatures: State courts and legislatures request authorization from their state CIO or governor and follow the state's Internet policy, in addition to Gov Internet Domain Registration Federal Policy.
Utility, Transportation, and Regional Authorities, such as a water district are instruments of the state and may use the Gov Internet domain once approved by the State CIO, who will ensure they are operated by the state. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the state and are state employed personnel are not eligible for a domain.
- Local Government Sponsored Domain Guidelines
As of March 2003, local governments are authorized to get second-level Gov Internet domains.
AA (Mayor or Elected Official Authorization): The authorization letter must be signed by the mayor or the highest-ranking, elected official because the domain is the Internet presence for the entire city, town, county, township, or parish represented.
Utility, Transportation, and Regional Authorities, such as a water district that are the instrument of local government or combined ownership by local governments, such as regional transportation authorities may share the Gov Internet domain once approved by the AA, Mayor or highest ranking elected official of a local or State Government, who will ensure they are part of the local government. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the local government and are not employed personnel of the government ar not eligible for a domain.
Naming Conventions: Naming conventions are described in depth in the following parts of the published policy: . The rules for local-government domains are the following:
The preferred format is "CityName-StatePostalCode.gov":
- Example: Tyler-tx.gov or TylerTX.gov
County government names will contain the spelled-out word "County" or "Parish" in the name. See the following for more information: .
The words "City of" or "Town of" are optional (e.g., CityofAlbany-OR.gov)
Abbreviations: Abbreviations are not authorized unless an exception to the domain name is granted through the RRA and the DPA.
Exception Requests: The DPA will arbitrate all exceptions to policy 41 CFR 102-173 for naming convention. The RRA will determine domain holder eligibility.
Ready / Green Local Level Domain Names: In order to support the Federal and State Government Ready and Green Program initiatives, local governments can register both prefixes to their already registered domain name.
- ReadyHoustonTX.gov or GreenHoustonTX.gov
- ReadyAugustaME.gov or GreenAugustaME.gov
- ReadyKansasCityMO.gov or GreenKansasCityMO.gov
- ReadyDadeCountyFL.gov or GreenDadeCountyFL.gov