Domain requirements

When government organizations use a .gov domain name to serve the public on the internet, they make it easy to know that their services are official. That’s because every request for a .gov domain name is carefully examined by the DotGov program to ensure it is from a genuine U.S.-based government or public sector organization.

We (the DotGov program) have rules that minimize the risk that .gov domain names could mislead users about the source or purpose of a given government organization or activity, and we require registrants to carefully maintain a .gov domain name after registration.

This document outlines the general requirements that apply to all .gov registrants, as well as the specific requirements that apply to certain types of government organizations. These requirements may be updated in the future. Registrants will be provided advance notice of updates.

Pursuant to the DOTGOV Act of 2020 (6 U.S.C. § 665(c)(4)), CISA will establish policies to limit the sharing or use of any information obtained through administration of the .gov top-level domain with any other component of the Department of Homeland Security or any other agency for any purpose other than the administration of the .gov internet domain, supporting services we may offer, and the establishment of a .gov inventory.

---

General requirements

• Eligibility
• Naming requirements
• Required and prohibited activities

Eligibility

Only U.S.-based government and public sector organizations are eligible to obtain a .gov domain. This includes any federal, state, local, or territorial government entity, or other publicly controlled entity. It also includes any tribal government recognized by the federal government or a state government. Eligibility is determined by the DotGov Program, which will be informed by the United States Census Bureau’s criteria for classifying governments.

Determining eligibility

Eligibility is attested through a letter signed by your “authorizing authority”. The title of the official fulfilling this role varies between government organizations, but it is usually the chief information officer (CIO), the highest-ranking executive, or the highest elected official; see the specific requirements section below for more information regarding the appropriate official for your letter.

The letter includes address and contact information. We review the letter, may review or request founding documentation (such as legislation, a charter, or applicable bylaws), and may review or request additional records to verify the authorizing authority’s claim that they are affiliated with a U.S.-based government organization. Additional governmental and commercial data sources may be used to establish the authenticity of the request and verify the information shared in the letter.

.gov domains are registered for a 1-year period, but do not automatically expire. During the renewal process, registrants must review their eligibility and domain contact information to verify accuracy. We may contact you as part of the renewal process, and may also request an updated authorization letter or other information.

Naming requirements

While domain names must be globally unique, municipalities and their initiatives can have similar or identical names. Our naming rules are intended to avoid confusion about the registering organization’s name or services.

Correspondence

Domain names must correspond to your organization’s name or services and must not be likely to mislead or confuse the general public, even if your domain is only intended for a specific audience.

Generic terms

Only federal agencies can register domain names that consist solely of generic terms, like “licenses.gov,” “vote.gov,” and “benefits.gov.” However, a domain name like marylandvotes.gov could be allowed since the origin of service is explicitly and unambiguously identified.

Exceptions, including abbreviations

Exceptions to these requirements will be considered on a case-by-case basis. This includes requests for domain names with abbreviations (other than standard state or territory two-letter abbreviations). Some classes of exceptions are outlined in city and county domains below.

Name allocation

In the case of a name conflict, we will allocate domain names to the most appropriate party, at our discretion. We do not operate under a “first come, first served” basis, and we may apply discretion when allowing or denying domain requests.

Required and prohibited activities

The .gov domain exists to support a broad diversity of government missions and creative public initiatives, and, as a general matter, the DotGov program does not review and audit how organizations use their domains.

However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are a few categories of misuse that are statutorily prohibited or abusive in nature.

Required activities

Contact information

We ask that you maintain current and accurate contact information with us, and generally be responsive if we reach out to you. This includes asking you to maintain points of contact in the .gov registrar. In general:

• An administrative contact is the person who controls or approves content on the domain and is the manager of operations for the domain.

• The technical contact is the person who directly manages or operates your DNS.

Additionally, we strongly recommend the creation and use of a security contact.

Prohibited activities

Commercial purposes

A .gov domain must not be used for commercial purposes, such as advertising benefitting private individuals or entities.

Political campaigns

A .gov domain must not be used for political campaign purposes.

Illegal content

A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.

Malicious cyber activity

.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.

Domain suspension

The DotGov program may need to suspend or terminate a domain registration for violations. Registrants should respond in a timely manner to communications about prohibited activities.

When we discover a violation, we will make reasonable efforts to contact a registrant, including:

1. Emails to domain contacts

2. Phone calls to domain contacts

3. Notification to the authorizing authority

4. Notification to the government organization generally, a parent organization, or potentially affiliated entities

The DotGov program understands the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportionate to the severity of the issue.

The public may report suspected security issues or other serious violations to [email protected]; vulnerability notifications should generally be sent to the domain’s security contact if the registrant has set one, or otherwise to [email protected].

Specific requirements

• Federal
  • Legislative
  • Executive
  • Judicial
• Tribal
• State and U.S. territory
• Interstate
• Independent intrastate
• City and county

Federal domains

All general requirements apply. Use the federal authorization letter template.

Legislative branch authorizing authority

Domain requests from the Senate and House of Representatives, including their offices and organizations, must come from the Senate Sergeant at Arms, or the House Chief Administrative Officer.

Domain requests from legislative branch agencies must come from the agency’s head or CIO.

Domain requests from legislative commissions must come from the head of the Commission, or the head or CIO of the parent agency, if there is one.

Executive branch

• Submitting domain requests
• Review of requests
• Naming requirements
  • Brand or product identity
  • Generic terms
  • Unique and unambiguous
  • Length and characters
  • Variations
• Required and prohibited activities

Submitting domain requests

Federal executive branch agency requests for new .gov domains will be reviewed by the Office of Management and Budget (OMB) as required by M-23-10, “The Registration and Use of .gov Domains in the Federal Government.”

When submitting a request, you must describe:

• what the domain will be used for,
• who the intended audience is for the domain, including primary users, and
• why the specific domain name is needed and how it follows the naming requirements.

All domain requests must have the approval of the agency’s Chief Information Officer, or the head of the agency.

Review of requests

OMB will review domain requests from Federal executive branch agencies. Agencies can establish .gov domain names for any legitimate purpose, and are encouraged to register domains as needed to most effectively meet their mission. However, .gov domain names are a shared resource across all U.S.-based government organizations and agencies have a responsibility to carefully consider how potential domain names might impact the public and how they interact with government information and services.

OMB reviews all domain requests from the Federal executive branch to:

• ensure agencies are following relevant policies and domain name requirements,
• help avert or resolve potential domain-naming conflicts between agencies,
• reduce confusion arising from overuse of similar domain names, and
• reduce issues of misalignment between a domain name and its intended use.

In areas of domain name conflict, OMB will seek resolution with the agencies involved. OMB may deny a domain name request or a domain name renewal, or may request that an agency transfer ownership of an existing domain to another agency to remediate potential conflict or confusion. Agencies that do not follow the requirements and prohibitions below may have the relevant domain name transferred, terminated, or not renewed.

Naming requirements

A good domain name is memorable, not longer than necessary, and describes your organization or service in an unambiguous way.

Brand or product identity

A domain name helps establish brand identity. You should be careful when establishing domain names as not everything an agency does warrants a separate brand or product identity.

Agencies should use domain names to delineate:

• organizations (e.g., the agency name or bureau name),
• products (e.g., an online tool),
• services,
• programs, or
• initiatives.

You are encouraged to establish a new domain name when there is a clear need to provide online information, tools, and services to a user population based on public or business needs. Related information, content, tools, and services should be collocated on one domain so that your users do not have to navigate multiple websites to complete tasks.

You are discouraged from establishing separate domain names for smaller or minor organizational divisions, products, or services. For smaller units, you are encouraged to use subdomains or URL paths on existing domains.

Example: GetHelp.gov

• An agency wants to create a new initiative using GetHelp.gov rather than using a path within their existing URL (Agency.gov/gethelp). The agency believes that it is easier to remember, and a shorter name works better for marketing materials (e.g., posters, pencils, T-shirts, commercials, etc.) to redirect to the existing site. Agency submits request to the .gov Registry.
• OMB reviews and denies the request for GetHelp.gov because the agency has not demonstrated that the public would benefit from additional branding or a new standalone domain name. Agency launches the new initiative at Agency.gov/gethelp.

Generic terms

Agencies may request generic domain names. Generic names should be used sparingly for:

• broad government-wide efforts, or
• multi-agency collaborations.

Generic names may not be approved when an agency lacks significant or singular authority over a thematic topic. While a generic domain name is easier for people to remember than an unfamiliar brand, the intended use of the domain should match the potential public expectation for that domain name.

Example: Careers.gov

• An agency wants to promote their available job openings through a new domain, Careers.gov. The agency requests the domain name from the .gov Registry.
• OMB reviews and denies the request for Careers.gov because the domain would be used for job postings only for a particular agency, not for a broad government-wide or multi-agency initiative.
• The agency should instead host their website as either a subdomain, (e.g., careers.agency.gov), or as a path (e.g., Agency.gov/careers).

Unique and unambiguous

Agencies should avoid domain names that could be ambiguous or likely to mislead or confuse the general public, even if the domain is only intended for a specific audience or purpose.

If a domain name can be used to describe many different things in different contexts, agencies should request a domain name that is more specific.

Example: AppealsBoard.gov

• An agency is getting ready to launch a new appeals board that it will support and submits the request for AppealsBoard.gov to the .gov Registry.
• OMB reviews and denies the request for AppealsBoard.gov because it will not be clear to the public which specific appeals board will be represented by that domain.

Length and characters

A good domain name is no longer than necessary. Agencies should strive to keep their domain name under 15 characters. Longer domain names are harder to remember, and more prone to errors when typed.

Domain names should:

• generally be at least three characters,
• generally not longer than 30 characters,
• include only letters, numbers, or a hyphen (other characters, including spaces are not permitted), and
• not begin or end with a hyphen.

Example: ChildPoverty.gov and TimeForYouToTakeActionAboutChildPovertyInYourNeighborhood.gov

• An agency submits a request for TimeForYouToTakeActionAboutChildPovertyInYourNeighborhood.gov and ChildPoverty.gov to the .gov Registry.
• OMB reviews and denies the domain name request for TimeForYouToTakeActionAboutChildPovertyInYourNeighborhood.gov because of the length (57 characters). OMB approves the domain name request for ChildPoverty.gov, which is shorter in length and a more memorable domain name that describes the product or service which the domain will serve.

Variations

Agencies should avoid requesting unnecessary domain name variants unless there is a compelling need. Each domain name variation request will need a compelling justification, specific to that request (multiple requests can be on the same authorization letter).

Variations of domain names could include:

• alternative name,
• different spellings, typos, or misspellings,
• foreign language equivalents, or
• acronyms.

You may not defensively register variations of a .gov domain name. While this practice may be common when registering domains open to the general public, the .gov domain space is not first come, first serve and agencies do not need to protect against unauthorized use of their brands. Additional domain names for the same use case may not be approved.

Example: Expand.gov, Epxand.gov, and Expandir.gov

• An agency submits their request for Expand.gov, Epxand.gov, and Expandir.gov for a new initiative to the .gov Registry.
• OMB reviews and approves the request for Expand.gov, based on the agency’s justification for the use of the generic term.
• OMB also approves the domain name Expandir.gov because the agency’s justification is that the program is primarily targeted for Spanish-speaking Americans.
• OMB denies Epxand.gov because the agency’s justification was related to a hypothetical concern about typographical errors, and an additional domain with a redirect was not warranted.

Required and prohibited activities

Prohibitions on non-governmental use

Agencies may not use a .gov domain name:

• on behalf of a non-federal executive branch entity, or
• for a non-governmental purpose.

Additional requirements for domains

As required by the DOTGOV Act, agencies must ensure that any website or digital service that uses a .gov domain name is in compliance with the 21st Century Integrated Digital Experience Act.

Judicial branch authorizing authority

Domain name requests for any judicial branch agency (excluding the Supreme Court of the United States), must be authorized by the director or CIO of the Administrative Office (AO) of the United States Courts.

Domain requests from the Supreme Court of the United States must be authorized by the director of information technology for the Supreme Court of the United States.

Tribal domains

All general requirements apply. Use the tribal authorization letter template.

Tribal governments recognized by the federal government or a state government may request a .gov domain name. If desired, tribal domains may include the suffix -nsn, for native sovereign nation.

State and U.S. territory domains

All general requirements apply. Use the state/territory authorization letter template. (All references to “state” includes U.S. territories.)

State origin

State .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

• UtahGovernor.gov
• ColoradoDOT.gov
• NJRecycling.gov
• FloridaHeathDepartment.gov

Executive branch authorizing authority

Governors or a state CIO must sign the authorization letter for state executive branch domain requests. To determine the identity of your state CIO, check out nascio.org.

Legislative and judicial branch authorizing authority

State legislatures and courts obtain authorization from their CIO or highest-ranking executive, independent of their state executive branch.

Special district functions

Authorities like a water district that are publicly controlled instruments of state government may obtain a .gov domain once approved by the state CIO, who will ensure these entities are publicly controlled by the state. Utilities and regional authorities that provide services such as water and sanitation, but which are publicly controlled by the state, are not eligible for registration as a state domain. However, they may be eligible for registration as an independent intrastate domain.

Interstate domains

All general requirements apply. Use the interstate authorization letter template.

Interstate (multi-state) governmental organizations are most frequently formed via legislation from Congress or from a legal accord between, or passed by, the state governments of two or more states. Examples include multi-state commissions, organizations that manage interstate compacts, or port authorities that operate across jurisdictions.

The authorization letter for a domain name must:

• be signed by the highest-ranking executive (president, director, chair, or equivalent).

• link to, or have as an appendix, authorizing legislation, applicable bylaws or charter, or other documentation to support the organization’s claim of being a bona fide interstate governmental organization.

• list all the participating states.

• include a reference to your geographic area of jurisdiction.

Alternatively, instead of a letter containing this information, one or more of a state’s governors or CIOs can submit an authorization letter.

Domain names must represent your organization or institutional name, not solely the services you provide. Generic domain names are reserved for federal agencies. Examples include:

• AlabamaSoilandWater.gov
• GulfCoastWaterAuthority.gov
• SpaceFlorida.gov
• WmataOIG.gov

Independent intrastate domains

All general requirements apply. Use the independent intrastate authorization letter template.

Independent intrastate (within a single state) governmental organizations are most frequently formed via state or local legislation, where authority is vested in them to operate fully or quasi-independently from the state. Examples include organizations authorized by law that operate a jurisdiction’s elections, manage regional transit, or do area-wide economic planning with governance independent from e.g., the executive branch.

The authorization letter for a domain name must:

• be signed by the highest-ranking executive (president, director, chair, or equivalent).

• link to, or have as an appendix, authorizing legislation, applicable bylaws or charter, or other documentation to support the organization’s claim of being a bona fide intrastate governmental organization that is independent from the state.

• include a reference to your geographic area of jurisdiction.

State origin

Independent intrastate .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

• Coloradoarta.gov
• NYpa.gov
• PortHouston.gov
• TechshareTX.gov

City and county domains

All general requirements apply. Use the city/county authorization letter template.

Authorizing authority

The authorization letter must be signed by the mayor, chair of the county commission, or the equivalent highest elected official.

Origin

City and county .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

• CedartownGeorgia.gov
• CityofEudoraKS.gov
• MadisonCountyTN.gov
• WallawallaWA.gov

Counties or parishes must use the word “county” or “parish”. For cities, “City of”, “Town of”, or similar in the domain name is optional.

Special district functions

Authorities like a water district that are the instruments of local government may obtain a .gov domain once approved by the authorizing authority. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the municipality are not eligible. They may be eligible for an independent intrastate domain, however.

City and county exception requests

Exceptions can be made for city and county domain names. To qualify for an exception, you should meet at least one of the following three criteria:

1. Unique: City and county names that are not duplicative of any other city, county, parish, town, borough, village, or equivalent elsewhere in the country at the time of issuance can be registered without needing a reference to the origin. This will be determined by using Census Bureau’s National Places Gazetteer Files.
2. Well-known: Certain cities are so well-known that they may not require a state reference to clearly communicate location. The list of US “dateline cities” in the Associated Press Stylebook will be reviewed.
3. Most populous: Census maintains population data for the United States. DotGov will allow the largest 50 cities’ names to be registered without a state suffix.

The authorization letter should provide your organization’s rationale for meriting an exception. Domain name exception requests that result in a generic name will likely be denied. Similarly, abbreviations are not authorized unless an exception is granted.

Questions

We invite you to send questions regarding these requirements (or suggestions for improving them) to [email protected] or to our GitHub repository.