The Office of Management and Budget (OMB) today released guidance updating requirements for Federal website domains – including .gov or .mil website domains – and marking another critical move in delivering trusted interactions to the American people when they visit official government sites.
“When people visit a Federal website, they should be able to trust that it’s an official site. That’s why our new “DOTGOV” guidance requires all Federal agencies to use .gov or .mil domains,” Federal Chief Information Officer Clare Martorana, wrote in a tweet.
For the American people, the .gov or .mil domain is a critical indicator that they are accessing official information, services, and communications. That assurance contributes to increased public trust in online government information and services and safer operations and communications among all branches and levels of government.
The memorandum guides Federal agencies on the acceptable use and registration of internet domain names, as required by the DOTGOV Online Trust in Government Act.
Starting today, Federal agencies must use government domains, such as .gov and .mil, for all official communications, information, and services.
“A good government domain name should be memorable for the American people, not longer than necessary, and describes the relevant government organization or service unambiguously,” the OMB memo explains.
The guidance does not apply to third-party services operated by non-governmental entities needed for effective interaction with the public – including social media services, source code collaboration, and vulnerability disclosure reporting systems.
The memo does require Federal agencies to continue to report utilization of non-.gov domains, including hostnames used by internet-accessible information systems – a stipulation put forward in M-22-09, ‘Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.’
In addition, agencies must comply with all applicable .gov domain requirements on the .gov registry site. Federal agencies have 180 days to review previously registered domains to ensure compliance with these domain requirements, including domain naming conventions, and identify to OMB any that do not meet these requirements.
“The internet has become a primary means by which the public receives information and services from the Federal government. Therefore, the Federal government’s use of internet infrastructure must employ high standards of quality to maintain public trust,” the memo states.