Skip to main content

Domain requirements

This overview of .gov domain registration requirements is meant to further explain and clarify sections of the Federal Policy, which focuses on purpose and jurisdiction.

The .gov domain facilitates collaboration among government-to-government, government-to-business, and government-to-citizen entities. The domain hosts only official, government sites at the federal, state, and local levels, including federally recognized Indian tribes and Alaskan Native groups, known as Native Sovereign Nations (NSNs). The .gov domain provides the official and trusted internet presence for these government entities.

Every .gov domain name application is carefully examined to ensure domain names requested will not create misunderstandings about the purpose of domains and their content. GSA arbitrates domain name issues and reserves the right to deny domain name requests that do not adequately meet requirements. All domain requests and requests for exception to policy will come from the CIO for Federal and State level domains. Exceptions to policy requests for local governments will originate from the Authorizing Authority only. The Authorizing Authority is the highest elected official (mayor, or county or parish supervisor), that authorizes the domain to operate and contain information reference to their government responsibilities.

General requirements

The following applies to all .gov domains:

Eligibility

To maintain domain name integrity, eligibility is limited to qualified government organizations and programs. Having a managed domain name such as .gov assures your customers that they are accessing an official U.S. government site.

No non-government advertisements

A .gov domain may not be used to advertise for private individuals, firms, or corporations. It may not be used to imply in any manner that the government endorses or favors any specific commercial product, commodity, or service.

No political or campaign information

The .gov domain is for the operation of government, not the political, political party, or campaign environment. No campaigning can be done using .gov domains. The .gov domain websites may not be directly linked to or refer to websites created or operated by a campaign or any campaign entity or committee. No political sites or party names or acronyms can be used. Separate websites and email on other top-level domains (TLDs), such as .org, will have to be used for political activity.

Naming conventions

Naming-convention rules are described in detail in the Federal Policy. Thousands of names, programs, and general terms are used in .gov domains. The following is a summary of naming-convention rules:

1. No general domain names

General terms alone such as “licenses,” “recreation,” and “benefits” are not allowed because they do not represent a specific enough origin and service. However, a domain name such as MarylandRecreation.gov is allowed (assuming that domain is authorized by either Maryland’s Chief Information Officer or the Governor of Maryland).

2. State postal codes

All state and local second-level .gov domains must include the two-letter state acronym or spell out the state name. Additional naming conventions apply for local entities, such as cities, towns, counties, territories, and parishes.

Examples:

Eligibility period

All .gov domains are registered for a 1-year eligibility period. During this period, a review of eligibility and administrative information is required. If necessary, the .gov registrar will contact the points of contact for domains. Please keep the contact information up to date. The .gov registrar may request an updated authorization letter, updated Domain Name Server (DNS) information, or other information. This information enables the government to ensure .gov domains provide secure, official websites and promotes the best possible service to the general public.

Privacy and use policy

Domains should adhere to appropriate level of policies in reference to personal information usage for their domain.

Domain suspension

Organizations that operate websites that are not in compliance with the conditions of use may have their domain name suspended or experience operational issues or terminated based on the severity of the issue. There are two levels of incidents:

1. Critical

Content restriction on the .gov domain does not allow criminal activities or obscene images, inappropriate sexually oriented material, or extremist material to be displayed or sent to system users. This material being accessed through a .gov domain URL could result in an expedient suspension. A process for resolution with escalation procedures is in place with the Registry and Registration Authority. The Registry and Registration Authority will contact the registration points of contacts and the Authorizing Authority advising them of an imminent domain suspension. The Authorizing Authority is the CIO for Federal level domains. The Authorizing Authority for State and Local governments and Native Sovereign Nations is the highest IT official or highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities.

2. Administrative

Domains that have content with advertising materials, political or campaign information, substantial incorrect information, inappropriate web links (i.e. to sites that violate content policy), and incorrect redirects are not in compliance or not consistent with original intent or approved purpose. The Registry and Registration Authority will contact the points of contact on the domain to get issues resolved. The expectation is these administrative compliance issues are handled in a timely manner and suspension is reserved as a last resort.

The actual suspension of a domain without concurrence of a registrant requires the internal GSA approval at the Senior Executive level. Generally, for GSA initiated suspensions, the suspension will become effective 3 hours to 24 hours after notification of the points of contacts, depending on the severity of the issue. The notification of the contacts is the time at which one of the domain points of contact is contacted or the time that the voice and email messages are sent to all contacts, whichever is first. This provides an opportunity for the registrant to remediate the issue to avoid suspension. The Registry and Registration Authority will review the site to see if the policy violation has been remediated prior to the suspension.

Account information

It is the registrant’s responsibility to provide all requested information and keep all account information current; to include contact information, DNS information. It is the registrant’s responsibility to ensure the account is paid in full each year. Government domains / websites can be very large, complex, and support important business operations. The process to address policy violations will allow for coordination across organizational boundaries and involve persons with the authority to make decisions on the appropriate course of action and in the timeframe required. The administrative contact is the person who controls the content of the domain and is the manager of the operations of the domain. The technical contact is the person that operates the DNS and takes care of the technical operations such as security patches. The billing contact is the person that pays for the domain. The Authorizing Authority is the highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities. The Authorizing Authority for Federal Agency domains is the CIO. The Authorizing Authority for State level domains is the Governor or their appointed CIO. The Authorizing Authority for local governments and Native Sovereign Nations is the highest elected official or the highest IT official.

Security

Security incident notification procedures:

  1. The Registry and Registration Authority shall notify the US-CERT of all incidents involving the intentional unauthorized access or unauthorized intentional damage to, modification, destruction or damage to a .gov domain. The administrative contact will be notified and involved to assist in the US-CERT investigation and report.

  2. Information received about incidents described in above shall be considered confidential and shall not be disclosed to the public.

Federal domains

The following applies only to federal .gov domains:

Authorization

All Federal Agency domain requests must come from the Chief Information Officer (CIO) of the Federal Agency. See cio.gov for a complete list of federal-agency CIOs.

Effective February 2018, all new Federal executive branch .gov domain requests will be subject to additional review and approval by the Office of Management and Budget (OMB). Renewals of existing Federal executive branch .gov domains will not be subject to additional review.

Section 508 compliance

Federal agency websites must be in compliance with Section 508 of the Rehabilitation Act.

Congressional domain requests

All legislative requests from the Legislative Branch (Congress) of the Federal Government for second-level .gov domains will go through the Senate Office of Information Resources or the House Information Resource Office prior to registering on the .gov domain.

Federal court domain requests

Federal court .gov domains are linked to uscourts.gov and authorized by the Office of Government-wide Policy.

Native sovereign nations domains

Native Sovereign Nations domains are coordinated with the following Chief Information Officer representative:

Bureau of Indian Affairs Office of Information Operations Attn: Angel Goldtooth 1011 Indian School Rd NW RM 183 Albuquerque, NM 87104

State domains

Authorization

Governors or a governor-appointed state chief information officer (CIO) must sign authorization letters for all state domain requests. To verify the identity of your state CIO, refer to nascio.org.

State name or postal code

To register any second-level .gov domain, state governments must register either the full state name or clearly indicate the state postal code at the beginning or end of the domain name. Use of a hyphen is not recommended but optional. Examples of state domain names are the following:

No obscure state names or postal codes

Use of the state postal code should not be embedded within a single word in a way that obscures the postal code. For example, “Information.gov” for Indiana (IN) or “Forests.gov” for Oregon (OR) are unacceptable. See paragraph 50 (§102-173.50) in the Federal Policy for more about this rule. Valid examples are the following:

Unlimited state-level domains

The state CIO and governor can register an unlimited number of second-level .gov domains, such as:

State courts and legislatures

State courts and legislatures request authorization from their state CIO or governor and follow the state’s internet policy, in addition to .gov domain Registration Federal Policy.

Utility, transportation, and regional authorities

Authorities such as a water district are instruments of the state and may use the .gov domain once approved by the State CIO, who will ensure they are operated by the state. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the state and are state employed personnel are not eligible for a domain.

Local domains

Authorization

The authorization letter must be signed by the mayor or the highest-ranking, elected official because the domain is the internet presence for the entire city, town, county, township, or parish represented.

Utility, transportation, and regional authorities

Authorities such as a water district that are the instrument of local government or combined ownership by local governments, such as regional transportation authorities may share the .gov domain once approved by the Authorizing Authority, Mayor or highest ranking elected official of a local or State Government, who will ensure they are part of the local government. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the local government and are not employed personnel of the government are not eligible for a domain.

Naming conventions

Naming conventions are described in depth in paragraphs 55 through 60 of the Federal Policy (§102-173.55 - § 102-173.60). The rules for local-government domains are the following:

Abbreviations

Abbreviations are not authorized unless an exception to the domain name is granted through the Registry and Registration Authority and the Domain Policy Authority.

Exception requests

The Domain Policy Authority will arbitrate all exceptions to policy 41 CFR 102-173 for naming conventions. The Registry and Registration Authority will determine domain holder eligibility.

Ready and green domain names

In order to support the Federal and State Government Ready and Green Program initiatives, local governments can register both prefixes to their already registered domain name.

Examples: