Skip to main content

Domain requirements

When government organizations use a .gov domain name to serve the public on the internet, they make it easy to know that their services are official. That’s because every request for a .gov domain name is carefully examined by the DotGov program to ensure it is from a genuine U.S.-based government or public sector organization.

We (the DotGov program) have rules that minimize the risk that .gov domain names could mislead users about the source or purpose of a given government organization or activity, and we require registrants to carefully maintain a .gov domain name after registration.

This document outlines the general requirements that apply to all .gov registrants, as well as the specific requirements that apply to certain types of government organizations. These requirements may be updated in the future. Registrants will be provided advance notice of updates.

Pursuant to the DOTGOV Act of 2020 (6 U.S.C. § 665(c)(4)), CISA will establish policies to limit the sharing or use of any information obtained through administration of the .gov top-level domain with any other component of the Department of Homeland Security or any other agency for any purpose other than the administration of the .gov internet domain, supporting services we may offer, and the establishment of a .gov inventory.

General requirements


Only U.S.-based government and public sector organizations are eligible to obtain a .gov domain. This includes any federal, state, local, or territorial government entity, or other publicly controlled entity. It also includes any tribal government recognized by the federal government or a state government. Eligibility is determined by the DotGov Program, which will be informed by the United States Census Bureau’s criteria for classifying governments.

Determining eligibility

Eligibility is attested through a letter signed by your “authorizing authority”. The title of the official fulfilling this role varies between government organizations, but it is usually the chief information officer (CIO), the highest-ranking executive, or the highest elected official; see the specific requirements section below for more information regarding the appropriate official for your letter.

The letter includes address and contact information. We review the letter, may review or request founding documentation (such as legislation, a charter, or applicable bylaws), and may review or request additional records to verify the authorizing authority’s claim that they are affiliated with a U.S.-based government organization. Additional governmental and commercial data sources may be used to establish the authenticity of the request and verify the information shared in the letter.

.gov domains are registered for a 1-year period, but do not automatically expire. During the renewal process, registrants must review their eligibility and domain contact information to verify accuracy. We may contact you as part of the renewal process, and may also request an updated authorization letter or other information.

Naming requirements

While domain names must be globally unique, municipalities and their initiatives can have similar or identical names. Our naming rules are intended to avoid confusion about the registering organization’s name or services.


Domain names must correspond to your organization’s name or services and must not be likely to mislead or confuse the general public, even if your domain is only intended for a specific audience.

Generic terms

Only federal agencies can register domain names that consist solely of generic terms, like “,” “,” and “” However, a domain name like could be allowed since the origin of service is explicitly and unambiguously identified.

Exceptions, including abbreviations

Exceptions to these requirements will be considered on a case-by-case basis. This includes requests for domain names with abbreviations (other than standard state or territory two-letter abbreviations). Some classes of exceptions are outlined in city and county domains below.

Name allocation

In the case of a name conflict, we will allocate domain names to the most appropriate party, at our discretion. We do not operate under a “first come, first served” basis, and we may apply discretion when allowing or denying domain requests.

Required and prohibited activities

The .gov domain exists to support a broad diversity of government missions and creative public initiatives, and, as a general matter, the DotGov program does not review and audit how organizations use their domains.

However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are a few categories of misuse that are statutorily prohibited or abusive in nature.

Required activities

Contact information

We ask that you maintain current and accurate contact information with us, and generally be responsive if we reach out to you. This includes asking you to maintain points of contact in the .gov registrar. In general:

Additionally, we strongly recommend the creation and use of a security contact.

Prohibited activities

Commercial purposes

A .gov domain must not be used for commercial purposes, such as advertising benefitting private individuals or entities.

Political campaigns

A .gov domain must not be used for political campaign purposes.

Illegal content

A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.

Malicious cyber activity

.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.

Domain suspension

The DotGov program may need to suspend or terminate a domain registration for violations. Registrants should respond in a timely manner to communications about prohibited activities.

When we discover a violation, we will make reasonable efforts to contact a registrant, including:

  1. Emails to domain contacts

  2. Phone calls to domain contacts

  3. Notification to the authorizing authority

  4. Notification to the government organization generally, a parent organization, or potentially affiliated entities

The DotGov program understands the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportionate to the severity of the issue.

The public may report suspected security issues or other serious violations to [email protected]; vulnerability notifications should generally be sent to the domain’s security contact if the registrant has set one, or otherwise to [email protected].

Specific requirements

Federal domains

All general requirements apply. Use the federal authorization letter template.

Legislative branch authorizing authority

Domain requests from the Senate and House of Representatives, including their offices and organizations, must come from the Senate Sergeant at Arms, or the House Chief Administrative Officer.

Domain requests from legislative branch agencies must come from the agency’s head or CIO.

Domain requests from legislative commissions must come from the head of the Commission, or the head or CIO of the parent agency, if there is one.

Executive branch

Submitting domain requests

Federal executive branch agency requests for new .gov domains will be reviewed by the Office of Management and Budget (OMB) as required by M-23-10, “The Registration and Use of .gov Domains in the Federal Government.”

When submitting a request, you must describe:

All domain requests must have the approval of the agency’s Chief Information Officer, or the head of the agency.

Review of requests

OMB will review domain requests from Federal executive branch agencies. Agencies can establish .gov domain names for any legitimate purpose, and are encouraged to register domains as needed to most effectively meet their mission. However, .gov domain names are a shared resource across all U.S.-based government organizations and agencies have a responsibility to carefully consider how potential domain names might impact the public and how they interact with government information and services.

OMB reviews all domain requests from the Federal executive branch to:

In areas of domain name conflict, OMB will seek resolution with the agencies involved. OMB may deny a domain name request or a domain name renewal, or may request that an agency transfer ownership of an existing domain to another agency to remediate potential conflict or confusion. Agencies that do not follow the requirements and prohibitions below may have the relevant domain name transferred, terminated, or not renewed.

Naming requirements

A good domain name is memorable, not longer than necessary, and describes your organization or service in an unambiguous way.

Brand or product identity

A domain name helps establish brand identity. You should be careful when establishing domain names as not everything an agency does warrants a separate brand or product identity.

Agencies should use domain names to delineate:

You are encouraged to establish a new domain name when there is a clear need to provide online information, tools, and services to a user population based on public or business needs. Related information, content, tools, and services should be collocated on one domain so that your users do not have to navigate multiple websites to complete tasks.

You are discouraged from establishing separate domain names for smaller or minor organizational divisions, products, or services. For smaller units, you are encouraged to use subdomains or URL paths on existing domains.


Generic terms

Agencies may request generic domain names. Generic names should be used sparingly for:

Generic names may not be approved when an agency lacks significant or singular authority over a thematic topic. While a generic domain name is easier for people to remember than an unfamiliar brand, the intended use of the domain should match the potential public expectation for that domain name.


Unique and unambiguous

Agencies should avoid domain names that could be ambiguous or likely to mislead or confuse the general public, even if the domain is only intended for a specific audience or purpose.

If a domain name can be used to describe many different things in different contexts, agencies should request a domain name that is more specific.


Length and characters

A good domain name is no longer than necessary. Agencies should strive to keep their domain name under 15 characters. Longer domain names are harder to remember, and more prone to errors when typed.

Domain names should:

Example: and


Agencies should avoid requesting unnecessary domain name variants unless there is a compelling need. Each domain name variation request will need a compelling justification, specific to that request (multiple requests can be on the same authorization letter).

Variations of domain names could include:

You may not defensively register variations of a .gov domain name. While this practice may be common when registering domains open to the general public, the .gov domain space is not first come, first serve and agencies do not need to protect against unauthorized use of their brands. Additional domain names for the same use case may not be approved.

Example:,, and

Required and prohibited activities
Prohibitions on non-governmental use

Agencies may not use a .gov domain name:

Additional requirements for domains

As required by the DOTGOV Act, agencies must ensure that any website or digital service that uses a .gov domain name is in compliance with the 21st Century Integrated Digital Experience Act.

Judicial branch authorizing authority

Domain name requests for any judicial branch agency (excluding the Supreme Court of the United States), must be authorized by the director or CIO of the Administrative Office (AO) of the United States Courts.

Domain requests from the Supreme Court of the United States must be authorized by the director of information technology for the Supreme Court of the United States.

Tribal domains

All general requirements apply. Use the tribal authorization letter template.

Tribal governments recognized by the federal government or a state government may request a .gov domain name. If desired, tribal domains may include the suffix -nsn, for native sovereign nation.

State and U.S. territory domains

All general requirements apply. Use the state/territory authorization letter template. (All references to “state” includes U.S. territories.)

State origin

State .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

Executive branch authorizing authority

Governors or a state CIO must sign the authorization letter for state executive branch domain requests. To determine the identity of your state CIO, check out

Legislative and judicial branch authorizing authority

State legislatures and courts obtain authorization from their CIO or highest-ranking executive, independent of their state executive branch.

Special district functions

Authorities like a water district that are publicly controlled instruments of state government may obtain a .gov domain once approved by the state CIO, who will ensure these entities are publicly controlled by the state. Utilities and regional authorities that provide services such as water and sanitation, but which are publicly controlled by the state, are not eligible for registration as a state domain. However, they may be eligible for registration as an independent intrastate domain.

Interstate domains

All general requirements apply. Use the interstate authorization letter template.

Interstate (multi-state) governmental organizations are most frequently formed via legislation from Congress or from a legal accord between, or passed by, the state governments of two or more states. Examples include multi-state commissions, organizations that manage interstate compacts, or port authorities that operate across jurisdictions.

The authorization letter for a domain name must:

Alternatively, instead of a letter containing this information, one or more of a state’s governors or CIOs can submit an authorization letter.

Domain names must represent your organization or institutional name, not solely the services you provide. Generic domain names are reserved for federal agencies. Examples include:

Independent intrastate domains

All general requirements apply. Use the independent intrastate authorization letter template.

Independent intrastate (within a single state) governmental organizations are most frequently formed via state or local legislation, where authority is vested in them to operate fully or quasi-independently from the state. Examples include organizations authorized by law that operate a jurisdiction’s elections, manage regional transit, or do area-wide economic planning with governance independent from e.g., the executive branch.

The authorization letter for a domain name must:

State origin

Independent intrastate .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

City and county domains

All general requirements apply. Use the city/county authorization letter template.

Authorizing authority

The authorization letter must be signed by the mayor, chair of the county commission, or the equivalent highest elected official.


City and county .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

Counties or parishes must use the word “county” or “parish”. For cities, “City of”, “Town of”, or similar in the domain name is optional.

Special district functions

Authorities like a water district that are the instruments of local government may obtain a .gov domain once approved by the authorizing authority. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the municipality are not eligible. They may be eligible for an independent intrastate domain, however.

City and county exception requests

Exceptions can be made for city and county domain names. To qualify for an exception, you should meet at least one of the following three criteria:

  1. Unique: City and county names that are not duplicative of any other city, county, parish, town, borough, village, or equivalent elsewhere in the country at the time of issuance can be registered without needing a reference to the origin. This will be determined by using Census Bureau’s National Places Gazetteer Files.
  2. Well-known: Certain cities are so well-known that they may not require a state reference to clearly communicate location. The list of US “dateline cities” in the Associated Press Stylebook will be reviewed.
  3. Most populous: Census maintains population data for the United States. DotGov will allow the largest 50 cities’ names to be registered without a state suffix.

The authorization letter should provide your organization’s rationale for meriting an exception. Domain name exception requests that result in a generic name will likely be denied. Similarly, abbreviations are not authorized unless an exception is granted.


We invite you to send questions regarding these requirements (or suggestions for improving them) to [email protected] or to our GitHub repository.