A new day for .gov
April 27, 2021
CISA now administers the .gov top-level domain (TLD), a milestone required within 120 days of enactment of the DOTGOV Act. Since that day, we’ve:
- coordinated with our partners at GSA to transition daily management of the TLD,
- spoken with and heard from many federal, state, and local government organizations, including election administrators, as well as tech-centric, government-affiliated civic organizations,
- and worked to put .gov on solid programmatic footing at CISA going forward.
A new price for .gov
In conversations with current, former, and potential .gov registrants, one concern was raised above all others: the price of .gov domains, $400 per year. Though .gov is like a gated community – a digital space that’s only available to genuine U.S.-based government organizations – government IT administrators have often found the higher price hard to justify to their management in the face of lower-cost alternatives, typically priced at less than $20 annually from other TLDs. This is felt most acutely by smaller municipalities and the election community.
Since most other TLDs do not restrict who can obtain domains, it can be hard to tell whether a non-.gov-using online service that purports to be from a government is genuine. That impacts the public, who may be susceptible to cybersecurity or other real-world harms related to impersonation attempts. Similarly, these attempts can be successful at impersonating government officials to other officials inside government.
There’s perhaps never been a more important time for the public to know where to get official government information online. So, in order to remove unnecessary barriers and reduce the credibility of malicious impersonation attempts, .gov domains will be available at no cost for qualifying organizations beginning today.
A new standard for .gov
What’s it take to qualify? The requirements to obtain and maintain a .gov domain have been updated, an action also required by the DOTGOV Act. In addition to edits made for clarity and comprehension, here’s a summary of key substantive changes:
- Fees. From April 26, 2021 through at least the end of FY 2021, we will not be charging registrants any fees, including renewal fees.
- Limitations on sharing. We added a provision regarding limits on our sharing and the use of .gov information.
- Clarified, expanded domain eligibility and documented eligibility verification. We clarified who could request domain names on behalf of federal legislative and judicial agencies, and now allow tribal governments recognized by a state government (not just tribal governments recognized by the federal government) to request .gov domains. We also added a description of our process for verifying eligibility.
- Removed requirement for
-nsn. We eliminated the policy that native sovereign nations, or tribal governments, must append the-nsnsuffix to their requested domain name. State and federally recognized tribes may use it if they’d like. (Technical implementation is forthcoming.) - Restrictions. We reiterated that .gov domains may not be used for political campaigns or commercial purposes. We also included a restriction on .gov domains being used for malicious cyber activity, which can affect the security, integrity, and overall trustworthiness of the .gov top-level domain.
- Process for remediation. We described the process we’ll follow to help remedy the situation when a domain isn’t aligned with our required and prohibited activities.
The full diff between the current and prior requirements is also available for review.
It’s a new day for CISA’s DotGov program, and we look forward to getting the governments of the United States on the internet – securely.
- If you’re a U.S.-based government organization, check out https://home.dotgov.gov/registration/ to begin the registration process for a .gov domain.
- If you’re a member of the public and know U.S.-based government organizations that aren’t using .gov now, consider sharing a link to this post with them.
FAQ
Here’s some answers to questions you may have:
- How does the removal of fees affect the DOTGOV Act provision that makes Homeland Security grant funds available for “migrating any online service” to .gov?
- Does the removal of fees also apply to federal agencies?
- Since .gov domains are available at no cost, do you still need a billing contact for my domain?
- Do domain authorization letters still need to be notarized?
- Will refunds be available to organizations who recently paid for a .gov domain?
How does the removal of fees affect the DOTGOV Act provision that makes Homeland Security grant funds available for “migrating any online service” to .gov?
Migrating may include more than a registration fee. FEMA, which manages the Homeland Security grant program, has already documented in their preparedness grants manual that “migrating online services to the ‘.gov’ internet domain” may be part of the proposed expenditures within a qualifying government’s “investment justification” (IJ) submission.
Does the removal of fees also apply to federal agencies?
Yes. Federal agencies will not be charged a registration or renewal fee.
Since .gov domains are available at no cost, do you still need a billing contact for my domain?
For now, billing contacts remain a part of the .gov registrar and will need to be included in domain authorization letters. Since there is no billing function, however, you may consider it like a second administrative or technical contact. We anticipate updating the registrar soon so it doesn’t require a billing contact.
Do domain authorization letters still need to be notarized?
No.
Will refunds be available to organizations who recently paid for a .gov domain?
Unfortunately, no.