Skip to main content

Domain requirements

These requirements apply to new .gov registrants as of April 26, 2021. For existing registrants, the previous requirements will apply until renewal, at which time existing registrants will review and accept these updated requirements. A description of the differences between the previously posted requirements and these updated requirements is available below.

These requirements may be updated in the future. Registrants will be provided advance notice of updates.

Changes made by these updated requirements

Because management of the .gov top-level domain has been transferred from GSA to CISA, references to GSA and their processes have been removed. A number of updates have also been made for clarity and comprehension. Key substantive changes are the following:


When government organizations use a .gov domain name to serve the public on the internet, they make it easy to know that their services are official. That’s because every request for a .gov domain name is carefully examined by the DotGov program to ensure it is from a genuine U.S.-based government or public sector organization.

We (the DotGov program) have rules that minimize the risk that .gov domain names could mislead users about the source or purpose of a given government organization or activity, and we require registrants to carefully maintain a .gov domain name after registration.

This document outlines the general requirements that apply to all .gov registrants, as well as the specific requirements that apply to certain types of government organizations. These requirements may be updated in the future. Registrants will be provided advance notice of updates.

Pursuant to the DOTGOV Act of 2020 (6 U.S.C. § 665(c)(4)), CISA will establish policies to limit the sharing or use of any information obtained through administration of the .gov top-level domain with any other component of the Department of Homeland Security or any other agency for any purpose other than the administration of the .gov internet domain, supporting services we may offer, and the establishment of a .gov inventory.

General requirements

Eligibility

Only U.S.-based government and public sector organizations are eligible to obtain a .gov domain. This includes any federal, state, local, or territorial government entity, or other publicly controlled entity. It also includes any tribal government recognized by the federal government or a state government. Eligibility is determined by the DotGov Program, which will be informed by the United States Census Bureau’s criteria for classifying governments.

Determining eligibility

Eligibility is attested through a letter signed by your “authorizing authority”. The title of the official fulfilling this role varies between government organizations, but it is usually the chief information officer (CIO), the highest-ranking executive, or the highest elected official; see the specific requirements section below for more information regarding the appropriate official for your letter.

The letter includes address and contact information. We review the letter, may review or request founding documentation (such as legislation, a charter, or applicable bylaws), and may review or request additional records to verify the authorizing authority’s claim that they are affiliated with a U.S.-based government organization. Additional governmental and commercial data sources may be used to establish the authenticity of the request and verify the information shared in the letter.

.gov domains are registered for a 1-year period, but do not automatically expire. During the renewal process, registrants must review their eligibility and domain contact information to verify accuracy. We may contact you as part of the renewal process, and may also request an updated authorization letter or other information.

Naming requirements

While domain names must be globally unique, municipalities and their initiatives can have similar or identical names. Our naming rules are intended to avoid confusion about the registering organization’s name or services.

Correspondence

Domain names must correspond to your organization’s name or services and must not be likely to mislead or confuse the general public, even if your domain is only intended for a specific audience.

Generic terms

Only federal agencies can register domain names that consist solely of generic terms, like “licenses.gov,” “vote.gov,” and “benefits.gov.” However, a domain name like marylandvotes.gov could be allowed since the origin of service is explicitly and unambiguously identified.

Exceptions, including abbreviations

Exceptions to these requirements will be considered on a case-by-case basis. This includes requests for domain names with abbreviations (other than standard state or territory two-letter abbreviations). Some classes of exceptions are outlined in city and county domains below.

Name allocation

In the case of a name conflict, we will allocate domain names to the most appropriate party, at our discretion. We do not operate under a “first come, first served” basis, and we may apply discretion when allowing or denying domain requests.

Required and prohibited activities

The .gov domain exists to support a broad diversity of government missions and creative public initiatives, and, as a general matter, the DotGov program does not review and audit how organizations use their domains.

However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are a few categories of misuse that are statutorily prohibited or abusive in nature.

Required activities

Contact information

We ask that you maintain current and accurate contact information with us, and generally be responsive if we reach out to you. This includes asking you to maintain points of contact in the .gov registrar. In general:

Additionally, we strongly recommend the creation and use of a security contact.

Prohibited activities

Commercial purposes

A .gov domain must not be used for commercial purposes, such as advertising benefitting private individuals or entities.

Political campaigns

A .gov domain must not be used for political campaign purposes.

Illegal content

A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.

Malicious cyber activity

.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.

Domain suspension

The DotGov program may need to suspend or terminate a domain registration for violations. Registrants should respond in a timely manner to communications about prohibited activities.

When we discover a violation, we will make reasonable efforts to contact a registrant, including:

  1. Emails to domain contacts

  2. Phone calls to domain contacts

  3. Notification to the authorizing authority

  4. Notification to the government organization generally, a parent organization, or potentially affiliated entities

The DotGov program understands the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportionate to the severity of the issue.

The public may report suspected security issues or other serious violations to dotgov@cisa.dhs.gov; vulnerability notifications should generally be sent to the domain’s security contact if the registrant has set one, or otherwise to dotgov@cisa.dhs.gov.

Specific requirements

Federal domains

All general requirements apply. Use the federal authorization letter template.

Legislative branch authorizing authority

Domain requests from the Senate and House of Representatives, including their offices and organizations, must come from the Senate Sergeant at Arms, or the House Chief Administrative Officer.

Domain requests from legislative branch agencies must come from the agency’s head or CIO.

Domain requests from legislative commissions must come from the head of the Commission, or the head or CIO of the parent agency, if there is one.

Executive branch authorizing authority

Requests are subject to guidance issued by the Office of Management and Budget.

Judicial branch authorizing authority

Domain name requests for any judicial branch agency (excluding the Supreme Court of the United States), must be authorized by the director or CIO of the Administrative Office (AO) of the United States Courts.

Domain requests from the Supreme Court of the United States must be authorized by the director of information technology for the Supreme Court of the United States.

Native sovereign nation (tribal) domains

All general requirements apply. Use the tribal authorization letter template.

Tribal governments recognized by the federal government or a state government may request a .gov domain name. If desired, tribal domains may include the suffix -nsn, for native sovereign nation.

State and U.S. territory domains

All general requirements apply. Use the state/territory authorization letter template. (All references to “state” includes U.S. territories.)

State origin

State .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

Executive branch authorizing authority

Governors or a state CIO must sign the authorization letter for state executive branch domain requests. To determine the identity of your state CIO, check out nascio.org.

Legislative and judicial branch authorizing authority

State legislatures and courts obtain authorization from their CIO or highest-ranking executive, independent of their state executive branch.

Special district functions

Authorities like a water district that are publicly controlled instruments of state government may obtain a .gov domain once approved by the state CIO, who will ensure these entities are publicly controlled by the state. Utilities and regional authorities that provide services such as water and sanitation, but which are publicly controlled by the state, are not eligible for registration as a state domain. However, they may be eligible for registration as an independent intrastate domain.

Interstate domains

All general requirements apply. Use the interstate authorization letter template.

Interstate (multi-state) governmental organizations are most frequently formed via legislation from Congress or from a legal accord between, or passed by, the state governments of two or more states. Examples include multi-state commissions, organizations that manage interstate compacts, or port authorities that operate across jurisdictions.

The authorization letter for a domain name must:

Alternatively, instead of a letter containing this information, one or more of a state’s governors or CIOs can submit an authorization letter.

Domain names must represent your organization or institutional name, not solely the services you provide. Generic domain names are reserved for federal agencies. Examples include:

Independent intrastate domains

All general requirements apply. Use the independent intrastate authorization letter template.

Independent intrastate (within a single state) governmental organizations are most frequently formed via state or local legislation, where authority is vested in them to operate fully or quasi-independently from the state. Examples include organizations authorized by law that operate a jurisdiction’s elections, manage regional transit, or do area-wide economic planning with governance independent from e.g., the executive branch.

The authorization letter for a domain name must:

State origin

Independent intrastate .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

City and county domains

All general requirements apply. Use the city/county authorization letter template.

Authorizing authority

The authorization letter must be signed by the mayor, chair of the county commission, or the equivalent highest elected official.

Origin

City and county .gov domains must include the two-letter state abbreviation or clearly spell out the state name. Use of a hyphen is permitted but not recommended. Examples include:

Counties or parishes must use the word “county” or “parish”. For cities, “City of”, “Town of”, or similar in the domain name is optional.

Special district functions

Authorities like a water district that are the instruments of local government may obtain a .gov domain once approved by the authorizing authority. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the municipality are not eligible. They may be eligible for an independent intrastate domain, however.

City and county exception requests

Exceptions can be made for city and county domain names. To qualify for an exception, you should meet at least one of the following three criteria:

  1. Unique: City and county names that are not duplicative of any other city, county, parish, town, borough, village, or equivalent elsewhere in the country at the time of issuance can be registered without needing a reference to the origin. This will be determined by using Census Bureau’s National Places Gazetteer Files.
  2. Well-known: Certain cities are so well-known that they may not require a state reference to clearly communicate location. The list of US “dateline cities” in the Associated Press Stylebook will be reviewed.
  3. Most populous: Census maintains population data for the United States. DotGov will allow the largest 50 cities’ names to be registered without a state suffix.

The authorization letter should provide your organization’s rationale for meriting an exception. Domain name exception requests that result in a generic name will likely be denied. Similarly, abbreviations are not authorized unless an exception is granted.

Questions

We invite you to send questions regarding these requirements (or suggestions for improving them) to dotgov@cisa.dhs.gov or to our GitHub repository.