This overview of .gov domain registration requirements is meant to further explain and clarify sections of the Federal Policy, which focuses on purpose and jurisdiction.
The .gov domain facilitates collaboration among government-to-government, government-to-business, and government-to-citizen entities. The domain hosts only official, government sites at the federal, state, and local levels, including federally recognized Indian tribes and Alaskan Native groups, known as Native Sovereign Nations (NSNs). The .gov domain provides the official and trusted internet presence for these government entities.
Every .gov domain name application is carefully examined to ensure domain names requested will not create misunderstandings about the purpose of domains and their content. GSA arbitrates domain name issues and reserves the right to deny domain name requests that do not adequately meet requirements. All domain requests and requests for exception to policy will come from the CIO for Federal and State level domains. Exceptions to policy requests for local governments will originate from the Authorizing Authority only. The Authorizing Authority is the highest elected official (mayor, or county or parish supervisor), that authorizes the domain to operate and contain information reference to their government responsibilities.
The following applies to all .gov domains:
To maintain domain name integrity, eligibility is limited to qualified government organizations and programs. Having a managed domain name such as .gov assures your customers that they are accessing an official U.S. government site.
No non-government advertisements
A .gov domain may not be used to advertise for private individuals, firms, or corporations. It may not be used to imply in any manner that the government endorses or favors any specific commercial product, commodity, or service.
No political or campaign information
The .gov domain is for the operation of government, not the political, political party, or campaign environment. No campaigning can be done using .gov domains. The .gov domain websites may not be directly linked to or refer to websites created or operated by a campaign or any campaign entity or committee. No political sites or party names or acronyms can be used. Separate websites and email on other top-level domains (TLDs), such as .org, will have to be used for political activity.
Naming-convention rules are described in detail in the Federal Policy. Thousands of names, programs, and general terms are used in .gov domains. The following is a summary of naming-convention rules:
1. Generic terms, without additional identification, are reserved for federal agencies
Only federal agencies can register generic terms, such as “licenses,” “recreation,” and “benefits”, for domain names. However, a domain name like
marylandrecreation.gov could be allowed (once authorized by either Maryland’s Chief Information Officer or the Governor) since the origin of service is identified.
2. State postal codes
State and local second-level .gov domains must include the two-letter state acronym or spell out the state name. Additional naming conventions apply for local entities, such as cities, towns, counties, territories, and parishes.
All .gov domains are registered for a 1-year eligibility period. During this period, a review of eligibility and administrative information is required. If necessary, the .gov registrar will contact the points of contact for domains. Please keep the contact information up to date. The .gov registrar may request an updated authorization letter, updated Domain Name Server (DNS) information, or other information. This information enables the government to ensure .gov domains provide secure, official websites and promotes the best possible service to the general public.
Privacy and use policy
Domains should adhere to appropriate level of policies in reference to personal information usage for their domain.
Organizations that operate websites that are not in compliance with the conditions of use may have their domain name suspended or experience operational issues or terminated based on the severity of the issue. There are two levels of incidents:
Content restriction on the .gov domain does not allow criminal activities or obscene images, inappropriate sexually oriented material, or extremist material to be displayed or sent to system users. This material being accessed through a .gov domain URL could result in an expedient suspension. A process for resolution with escalation procedures is in place with the Registry and Registration Authority. The Registry and Registration Authority will contact the registration points of contacts and the Authorizing Authority advising them of an imminent domain suspension. The Authorizing Authority is the CIO for Federal level domains. The Authorizing Authority for State and Local governments and Native Sovereign Nations is the highest IT official or highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities.
Domains that have content with advertising materials, political or campaign information, substantial incorrect information, inappropriate web links (i.e. to sites that violate content policy), and incorrect redirects are not in compliance or not consistent with original intent or approved purpose. The Registry and Registration Authority will contact the points of contact on the domain to get issues resolved. The expectation is these administrative compliance issues are handled in a timely manner and suspension is reserved as a last resort.
The actual suspension of a domain without concurrence of a registrant requires the internal GSA approval at the Senior Executive level. Generally, for GSA initiated suspensions, the suspension will become effective 3 hours to 24 hours after notification of the points of contacts, depending on the severity of the issue. The notification of the contacts is the time at which one of the domain points of contact is contacted or the time that the voice and email messages are sent to all contacts, whichever is first. This provides an opportunity for the registrant to remediate the issue to avoid suspension. The Registry and Registration Authority will review the site to see if the policy violation has been remediated prior to the suspension.
It is the registrant’s responsibility to provide all requested information and keep all account information current; to include contact information, DNS information. It is the registrant’s responsibility to ensure the account is paid in full each year. Government domains / websites can be very large, complex, and support important business operations. The process to address policy violations will allow for coordination across organizational boundaries and involve persons with the authority to make decisions on the appropriate course of action and in the timeframe required. The administrative contact is the person who controls the content of the domain and is the manager of the operations of the domain. The technical contact is the person that operates the DNS and takes care of the technical operations such as security patches. The billing contact is the person that pays for the domain. The Authorizing Authority is the highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities. The Authorizing Authority for Federal Agency domains is the CIO. The Authorizing Authority for State level domains is the Governor or their appointed CIO. The Authorizing Authority for local governments and Native Sovereign Nations is the highest elected official or the highest IT official.
Security incident notification procedures:
The Registry and Registration Authority shall notify the US-CERT of all incidents involving the intentional unauthorized access or unauthorized intentional damage to, modification, destruction or damage to a .gov domain. The administrative contact will be notified and involved to assist in the US-CERT investigation and report.
Information received about incidents described in above shall be considered confidential and shall not be disclosed to the public.
The following applies only to federal .gov domains:
All Federal Agency domain requests must come from the Chief Information Officer (CIO) of the Federal Agency. See cio.gov for a complete list of federal-agency CIOs.
Effective February 2018, all new Federal executive branch .gov domain requests will be subject to additional review and approval by the Office of Management and Budget (OMB). Renewals of existing Federal executive branch .gov domains will not be subject to additional review.
Section 508 compliance
Federal agency websites must be in compliance with Section 508 of the Rehabilitation Act.
Congressional domain requests
All legislative requests from the Legislative Branch (Congress) of the Federal Government for second-level .gov domains will go through the Senate Office of Information Resources or the House Information Resource Office prior to registering on the .gov domain.
Federal court domain requests
Federal court .gov domains are linked to uscourts.gov and authorized by the Office of Government-wide Policy.
Native sovereign nations domains
Native Sovereign Nations domains are coordinated with the following Chief Information Officer representative:
Bureau of Indian Affairs Office of Information Operations Attn: Angel Goldtooth 1011 Indian School Rd NW RM 183 Albuquerque, NM 87104
Governors or a governor-appointed state chief information officer (CIO) must sign authorization letters for all state domain requests. To verify the identity of your state CIO, refer to nascio.org.
State name or postal code
To register any second-level .gov domain, state governments must register either the full state name or clearly indicate the state postal code at the beginning or end of the domain name. Use of a hyphen is not recommended but optional. Examples of state domain names are the following:
No obscure state names or postal codes
Use of the state postal code should not be embedded within a single word in a way that obscures the postal code. For example, “Information.gov” for Indiana (IN) or “Forests.gov” for Oregon (OR) are unacceptable. See paragraph 50 (§102-173.50) in the Federal Policy for more about this rule. Valid examples are the following:
Unlimited state-level domains
The state CIO and governor can register an unlimited number of second-level .gov domains, such as:
State courts and legislatures
State courts and legislatures can request authorization from their CIO or highest-ranking executive.
Utility, transportation, and regional authorities
Authorities such as a water district are instruments of the state and may use the .gov domain once approved by the State CIO, who will ensure they are operated by the state. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the state and are state employed personnel are not eligible for a domain.
Interstate governmental organizations are most frequently formed via legislation from Congress or from a legal accord between the state governments of two or more states.
The authorization letter must be signed by the highest-ranking executive (director, chair, or equivalent). It should link to, or have as an appendix, authorizing legislation or documentation to support the organization’s claim of being a bona fide interstate governmental organization. All participating states must be named.
In lieu of authorizing legislation, at least one of the states’ governors or governor-appointed state CIOs can submit an authorization letter. All participating states must be named.
The authorization letter must be signed by the mayor or the highest-ranking, elected official because the domain is the internet presence for the entire city, town, county, township, or parish represented.
Utility, transportation, and regional authorities
Authorities such as a water district that are the instrument of local government or combined ownership by local governments, such as regional transportation authorities may share the .gov domain once approved by the Authorizing Authority, Mayor or highest ranking elected official of a local or State Government, who will ensure they are part of the local government. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the local government and are not employed personnel of the government are not eligible for a domain.
Naming conventions are described in depth in paragraphs 55 through 60 of the Federal Policy (§102-173.55 - § 102-173.60). The rules for local-government domains are the following:
- The preferred format is “CityName-StatePostalCode.gov”:
- Example: Tyler-tx.gov or TylerTX.gov
- County government names will contain the spelled-out word “County” or “Parish” in the name. See the following for more information: §102-173.60.
- The words “City of” or “Town of” are optional (e.g., CityofAlbany-OR.gov)
Abbreviations are not authorized unless an exception to the domain name is granted through the Registry and Registration Authority and the Domain Policy Authority.
To qualify for an exception, a city should meet at least one of the following three criteria:
- Unique: City names that are not duplicated by any other city, town, borough, village, or equivalent, elsewhere in the country at the time of issuance can be registered without needing a reference to the state name. This will be determined by using Census Bureau’s National Places Gazetteer Files.
- Well-known: Certain cities are so well-known that they may not require a state reference to clearly communicate location. The list of US “dateline cities” in the Associated Press Stylebook will be reviewed.
- Most populous: Census maintains population data for the United States. DotGov will allow the largest 30 cities’ names to be registered without a state suffix.
The Domain Policy Authority will arbitrate all exceptions to policy 41 CFR 102-173 for naming conventions.