Control of the .gov top-level domain (TLD) will transfer from the General Services Administration to the Cybersecurity and Infrastructure Security Agency in late April.
CISA will increase .gov security and make it harder for malicious actors to impersonate the TLD, in keeping with the DOTGOV Act of 2020 that mandated the transfer to the civilian cyber agency.
One of six original TLDs in the internet’s Domain Name System (DNS), .gov is being treated as critical infrastructure enabling millions of users to access thousands of federal, state, territorial, local, and tribal services online.
“People see a .gov website or email address and know they are interacting with an official, U.S.-based government organization,” said Eric Goldstein, executive assistant director of the Cybersecurity Division within CISA, in the announcement. “Using .gov also provides security benefits, like two-factor authentication on the .gov registrar and notifications of DNS changes to administrators, over other TLDs.”
GSA spent more than 20 years making .gov a trusted space, but modern threats to .gov’s cybersecurity make CISA a more ideal administrator moving forward.
Registrants will continue to be able to manage, renew and request domains using the .gov registrar without any issues.
CISA is developing a user-centered platform for DNS management that will give government organizations at all levels greater visibility of their systems to help them better identify security threats. The agency will eventually offer services improving .gov privacy, reliability, accessibility and speed.
The DOTGOV Act further requires .gov domains be offered at no or negligible cost, which CISA is working on. Domains are currently priced in relation to the service contract to operate the TLD, with prices expected to remain the same until 2022.
CISA is further partnering with the Federal Emergency Management Agency on how to use Homeland Security Grants for migrating any online service to .gov.