The Cybersecurity and Infrastructure Security Agency (CISA) announced that it will begin overseeing the .gov top-level domain (TLD) in April 2021, with a mandate to enhance security for the domain which is considered critical infrastructure.
Currently, the General Services Administration (GSA) oversees the .gov domain. However, the DOTGOV Act of 2020 mandated CISA oversee the domain. To ensure a smooth transition, CISA committed to working closely with GSA during the transition process.
“Using .gov and increasing trust that government communications are authentic will improve our collective cybersecurity,” said Eric Goldstein, executive assistant director for CISA’s Cybersecurity Division. “People see a .gov website or email address and know they are interacting with an official, U.S.-based government organization.”
Goldstein explained additional benefits of the .gov domain for governments, saying it “also provides security benefits, like two-factor authentication on the .gov registrar and notifications of DNS changes to administrators, over other TLDs.” Further, he said CISA will “endeavor to make the TLD more secure for the American public and harder for malicious actors to impersonate.”
In a statement, CISA explained that .gov is one of the six original TLDs in the internet’s domain name system (DNS). The TLD is used across the Federal government, as well as every state, hundreds of counties and cities, and many tribes and territories.
To help increase the number of counties, cities, tribes, and territories using the .gov domain, the DOTGOV legislation also included funding to support the adoption of “.gov” domains across local governments. CISA is now required to create an outreach strategy for state and local organizations.
Responsibility for the TLD was shifted to CISA because it is considered critical infrastructure, which falls under CISA’s purview. CISA explained that the TLD is termed critical infrastructure because it “is central to the availability and integrity of thousands of online services relied upon by millions of users.” Under the DOTGOV Act, CISA is tasked with increasing security and decreasing complexity for CISA’s government partners.