“All of these are government organizations that are eligible under the DOTGOV to get a domain name. We want the public to be able to trust that a particular service really is bona fide.”
.Gov is one of the six original top-level domains created in 1985 (the others are .mil, .com, .edu, .net and .org). Any changes to the .gov domain will affect only U.S. government websites; other countries using a form of the domain, such as .gov.uk or india.gov.in, are on a different infrastructure, Dixon says.
CISA was given control of .gov for security reasons; the DOTGOV Act requires the domain be operated through a cybersecurity lens. “We are the cybersecurity agency, and we certainly have that focus,” he says.
It’s rare to change the agency in charge of a top-level domain, says Kim Davies, vice president for Internet Assigned Numbers Authority services at the Internet Corporation for Assigned Names and Numbers (ICANN), which regulates the internet naming system.
But in general, routine updates to TLDs are common, including “updates to the technical configuration of the domain, cryptographic keys used to secure the domain and points of contact when there are personnel changes,” he adds.
CISA is migrating .gov away from its legacy infrastructure and moving to a new managed services company, Dixon says. Agencies should not notice changes, “but there are security benefits that we can bake in at the ground level that they are able to inherit,” he adds.
The updates should also shorten the time it takes for an agency to get .gov approval (the process begins at the appropriately named get.gov). Current domain users are acting as beta testers, providing feedback to CISA on changes, which Dixon expects to be ongoing as security and other needs evolve.
“It’s going to be a platform that CISA will use to serve U.S.-based governments for the next many years,” he says. “The goal here is to help them. We’re able to shoulder some of the burdens that they’re experiencing so that they don’t have to.”