The Cybersecurity and Infrastructure Security Agency (CISA) is considering an open-source registrar platform for the .gov domain, according to a new request for information (RFI) on SAM.gov.
CISA said the move is intended to support “the secure and reliable operation” of the .gov top-level domain (TLD). In the RFI, CISA said it is looking for a registrar: providing web registration and management of .gov domains; offering supporting services to improve the security, privacy, reliability, accessibility, and speed of .gov domains and the services hosted within them; and supporting end-users.
While the .gov zone is relatively small currently, with roughly 6,500 domains, CISA said it anticipates constant growth over the next few years. Additionally, while the .gov domain doesn’t have a registry agreement with the Internet Corporation for Assigned Names and Numbers (ICANN), CISA anticipates “close alignment” with the norms followed by registries and registrars that are bound by publicly available agreements with ICANN.
However, CISA is looking to use the flexibility of not having a registry agreement to test and promote emerging good practices while maintaining useful established practices. That said, the RFI noted that certain features of the registrar may require it to be accredited by ICANN in the future.
For the registrar, CISA said it is interested in learning what current market offerings exist to meet CISA’s objectives, or whether CISA would need to serve as the product owner and lead the creation of a new, open-source registrar with an agile software development team.
In terms of specific objectives for the registrar, CISA is looking for a “modern, user-centered, responsive web application” that is in alignment with the requirements of the 21st Century Integrated Digital Experience Act. The registrar will have to enable .gov registrants to manage their domains’ registration lifecycle, DNS settings, and useful supporting services, as well as serve as the central .gov hub for CISA, supporting registrant management and tracking technical performance indicators for the TLD.
In the RFI, CISA said it anticipates that the registrar will be deployed in a cloud environment that CISA or another government agency manages, not in a registrar provider’s environment. Additionally, CISA hopes the registrar will generate insights into the security of an organization’s internet-accessible systems.
Feedback is due by July 28.
