Skip to main content

Domain requirements

This is an overview of the .gov domain registration requirements, and is meant to further explain and clarify sections of the Federal Policy, which focuses on purpose and jurisdiction.

The .gov top-level domain (TLD) facilitates collaboration among government-to-government, government-to-business, and government-to-citizen entities. The TLD authorizes domain names for bona fide US-based government organizations, at the federal, state, and local levels, including federally recognized Indian tribes and Alaskan Native groups, known as native sovereign nations (NSNs). .gov makes government services easy to identify on the internet.

Every .gov domain name application is carefully examined to ensure domain names requested will not create misunderstandings about the purpose of domains and their content. GSA arbitrates domain name issues and reserves the right to deny domain name requests that do not adequately meet requirements.

Domain name requests (and requests for exceptions to policy) must come from an “authorizing authority”, which differs slightly for federal, native sovereign nations, state, interstate, independent intrastate, and city/county government organizations.

General requirements

The following applies to all .gov domains:

Eligibility

To maintain domain name integrity, eligibility is limited to qualified government organizations and programs. Having a managed domain name such as .gov assures your customers that they are accessing an official U.S. government site.

No non-government advertisements

A .gov domain may not be used to advertise for private individuals, firms, or corporations. It may not be used to imply in any manner that the government endorses or favors any specific commercial product, commodity, or service.

No political or campaign information

The .gov domain is for the operation of government, not the political, political party, or campaign environment. No campaigning can be done using .gov domains. The .gov domain websites may not be directly linked to or refer to websites created or operated by a campaign or any campaign entity or committee. No political sites or party names or acronyms can be used. Separate websites and email on other top-level domains (TLDs), such as .org, will have to be used for political activity.

Naming conventions

Naming-convention rules are described in detail in the Federal Policy. Thousands of names, programs, and general terms are used in .gov domains. The following is a summary of naming-convention rules:

1. Generic terms, without additional identification, are reserved for federal agencies

Only federal agencies can register generic terms, such as “licenses,” “recreation,” and “benefits”, for domain names. However, a domain name like marylandrecreation.gov could be allowed (once authorized by either Maryland’s Chief Information Officer or the Governor) since the origin of service is identified.

2. State postal codes

State and local second-level .gov domains must include the two-letter state acronym or spell out the state name. Additional naming conventions apply for local entities, such as cities, towns, counties, territories, and parishes.

Examples:

Eligibility period

All .gov domains are registered for a 1-year eligibility period. During this period, a review of eligibility and administrative information is required. If necessary, the .gov registrar will contact the points of contact for domains. Please keep the contact information up to date. The .gov registrar may request an updated authorization letter, updated Domain Name Server (DNS) information, or other information. This information enables the government to ensure .gov domains provide secure, official websites and promotes the best possible service to the general public.

Privacy and use policy

Domains should adhere to appropriate level of policies in reference to personal information usage for their domain.

Domain suspension

Organizations that operate websites that are not in compliance with the conditions of use may have their domain name suspended or experience operational issues or terminated based on the severity of the issue. There are two levels of incidents:

1. Critical

Content restriction on the .gov domain does not allow criminal activities or obscene images, inappropriate sexually oriented material, or extremist material to be displayed or sent to system users. This material being accessed through a .gov domain URL could result in an expedient suspension. A process for resolution with escalation procedures is in place with the Registry and Registration Authority. The Registry and Registration Authority will contact the registration points of contacts and the Authorizing Authority advising them of an imminent domain suspension. The Authorizing Authority is the CIO for Federal level domains. The Authorizing Authority for State and Local governments and Native Sovereign Nations is the highest IT official or highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities.

2. Administrative

Domains that have content with advertising materials, political or campaign information, substantial incorrect information, inappropriate web links (i.e. to sites that violate content policy), and incorrect redirects are not in compliance or not consistent with original intent or approved purpose. The Registry and Registration Authority will contact the points of contact on the domain to get issues resolved. The expectation is these administrative compliance issues are handled in a timely manner and suspension is reserved as a last resort.

The actual suspension of a domain without concurrence of a registrant requires the internal GSA approval at the Senior Executive level. Generally, for GSA initiated suspensions, the suspension will become effective 3 hours to 24 hours after notification of the points of contacts, depending on the severity of the issue. The notification of the contacts is the time at which one of the domain points of contact is contacted or the time that the voice and email messages are sent to all contacts, whichever is first. This provides an opportunity for the registrant to remediate the issue to avoid suspension. The Registry and Registration Authority will review the site to see if the policy violation has been remediated prior to the suspension.

Account information

It is the registrant’s responsibility to provide all requested information and keep all account information current; to include contact information, DNS information. It is the registrant’s responsibility to ensure the account is paid in full each year. Government domains / websites can be very large, complex, and support important business operations. The process to address policy violations will allow for coordination across organizational boundaries and involve persons with the authority to make decisions on the appropriate course of action and in the timeframe required. The administrative contact is the person who controls the content of the domain and is the manager of the operations of the domain. The technical contact is the person that operates the DNS and takes care of the technical operations such as security patches. The billing contact is the person that pays for the domain. The Authorizing Authority is the highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities. The Authorizing Authority for Federal Agency domains is the CIO. The Authorizing Authority for State level domains is the Governor or their appointed CIO. The Authorizing Authority for local governments and Native Sovereign Nations is the highest elected official or the highest IT official.

Security

Security incident notification procedures:

  1. The Registry and Registration Authority shall notify the US-CERT of all incidents involving the intentional unauthorized access or unauthorized intentional damage to, modification, destruction or damage to a .gov domain. The administrative contact will be notified and involved to assist in the US-CERT investigation and report.

  2. Information received about incidents described in above shall be considered confidential and shall not be disclosed to the public.

Federal domains

All general requirements apply.

The fed.us top-level domain is legacy and will not accept any new domains.

Authorization

Use the Federal or U.S. territory authorization letter templates.

All Federal agency domain requests must come from the Chief Information Officer (CIO) of the Federal agency. See cio.gov for a complete list of Federal agency CIOs.

Effective February 2018, all new Federal executive branch .gov domain requests will be subject to additional review and approval by the Office of Management and Budget (OMB). Renewals of existing Federal executive branch .gov domains will not be subject to additional review.

Legislative domain requests

All requests from the Legislative Branch of the Federal Government for second-level .gov domains will go through the Senate Office of Information Resources or the House Information Resource Office prior to registering on the .gov domain.

Federal court domain requests

Federal court .gov domains are linked to uscourts.gov and authorized by the Office of Government-wide Policy.

Native sovereign nation domains

All general requirements apply.

Native sovereign nation domains are coordinated with the Department of the Interior’s Bureau of Indian Affairs. Use the native sovereign nation authorization letter template, then send it to:

Bureau of Indian Affairs Office of Information Operations Attn: Angel Goldtooth 1011 Indian School Rd NW RM 183 Albuquerque, NM 87104

State domains

All general requirements apply.

Authorization

Use the state authorization letter template.

Governors or a governor-appointed state chief information officer (CIO) must sign authorization letters for all state executive branch domain requests. To verify the identity of your state CIO, refer to nascio.org.

State courts and legislatures

State courts and legislatures can request authorization from their CIO or highest-ranking executive, independent of their state executive branch.

State name or postal code

To register any second-level .gov domain, state governments must register either the full state name or clearly indicate the state postal code at the beginning or end of the domain name. Use of a hyphen is not recommended but optional. Examples of state domain names are the following:

Don’t obscure state names or postal codes

Use of the state postal code should not be embedded within a single word in a way that obscures the postal code. For example, “Information.gov” for Indiana (IN) or “Forests.gov” for Oregon (OR) are unacceptable. See paragraph 50 (§102-173.50) in the Federal Policy for more about this rule. Valid examples are the following:

Unlimited state-level domains

The state CIO and governor can register an unlimited number of second-level .gov domains, such as:

Utility, transportation, and regional authorities

Authorities such as a water district are instruments of the state and may use the .gov domain once approved by the State CIO, who will ensure they are operated by the state. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the state and are state employed personnel are not eligible for a domain.

Interstate domains

All general requirements apply.

Authorization

Use the interstate authorization letter template.

Interstate (multi-state) governmental organizations are most frequently formed via legislation from Congress or from a legal accord between, or passed by, the state governments of two or more states. Examples include multi-state commissions, organizations that manage interstate compacts, or port authorities that operate across jurisdictions.

The authorization letter for a domain name must:

Alternatively, instead of a letter containing this information, one or more of a state’s governors or CIOs can submit an authorization letter. All participating states must be named.

See examples of current interstate domains here.

Independent intrastate domains

All general requirements apply.

Authorization

Use the independent intrastate authorization letter template.

Independent intrastate (within a single state) governmental organizations are most frequently formed via state legislation, where authority is vested in them to operate independently from the state. Examples include organizations, authorized by law, that operate a jurisdiction’s elections, manage regional transit, or do area-wide economic planning with governance independent from e.g., the executive branch.

The authorization letter for a domain name must:

Domain names must represent your municipality, organization, or institutional name, not solely the services you provide. Name requests must include a reference to your geographic area of jurisdiction. (Generic domain names are reserved for Federal agencies.)

City and county domains

All general requirements apply.

Authorization

Use the city or county authorization letter templates.

The authorization letter must be signed by the mayor or the highest-ranking, elected official because the domain is the internet presence for the entire city, town, county, township, or parish represented.

Utility, transportation, and regional authorities

Authorities such as a water district that are the instrument of local government or combined ownership by local governments, such as regional transportation authorities may share the .gov domain once approved by the Authorizing Authority, Mayor or highest ranking elected official of a local or State Government, who will ensure they are part of the local government. Utilities and regional authorities that provide services such as water and sanitation which are not operated by the local government and are not employed personnel of the government are not eligible for a domain.

Naming conventions

Naming conventions are described in depth in paragraphs 55 through 60 of the Federal Policy (§102-173.55 - § 102-173.60). The rules for local-government domains are the following:

Abbreviations

Abbreviations are not authorized unless an exception to the domain name is granted through the Registry and Registration Authority and the Domain Policy Authority.

Exception requests

To qualify for an exception, a city should meet at least one of the following three criteria:

  1. Unique: City names that are not duplicated by any other city, town, borough, village, or equivalent, elsewhere in the country at the time of issuance can be registered without needing a reference to the state name. This will be determined by using Census Bureau’s National Places Gazetteer Files.
  2. Well-known: Certain cities are so well-known that they may not require a state reference to clearly communicate location. The list of US “dateline cities” in the Associated Press Stylebook will be reviewed.
  3. Most populous: Census maintains population data for the United States. DotGov will allow the largest 30 cities’ names to be registered without a state suffix.

The Domain Policy Authority will arbitrate all exceptions to policy 41 CFR 102-173 for naming conventions.