Sep 12 2023

Agencies Should Take Advantage of Their .Gov Eligibility

Tens of thousands of local, state and federal agencies could use the .gov designation but don’t.

More than 9,000 local, state and federal government agencies carry the .gov designation on their websites, but tens of thousands more do not. A major federal update of the infrastructure supporting that domain should encourage more state and local government organizations to do so, and will improve security for those already using it, experts say.

The Cybersecurity and Infrastructure Security Agency took control of the .gov top-level domain from the General Services Administration after the passage of the DOTGOV Online Trust in Government Act of 2020.

The .gov domain is the means by which websites direct users to the computer that holds the information they seek. Domains replace the numerical IP addresses that computers use to identify websites and make it easier for users to remember website names.

Only U.S.-based government bodies are permitted to use .gov, and they must provide proof that they are part of a government before they can create a website with that domain, says Cameron Dixon, .gov registry manager at CISA. The federal government has about 1,300 .gov sites.

“The vast majority of our namespace is nonfederal,” he says. “There are thousands of counties that exist, tens of thousands of cities. There are state legislatures and courts, there are election organizations, there are special districts around the nation — mosquito districts and road districts.

It’s going to be a platform that CISA will use to serve U.S.-based governments for the next many years.”

Cameron Dixon .Gov Registry Manager, CISA

“All of these are government organizations that are eligible under the DOTGOV to get a domain name. We want the public to be able to trust that a particular service really is bona fide.”

.Gov is one of the six original top-level domains created in 1985 (the others are .mil, .com, .edu, .net and .org). Any changes to the .gov domain will affect only U.S. government websites; other countries using a form of the domain, such as or, are on a different infrastructure, Dixon says.

CISA was given control of .gov for security reasons; the DOTGOV Act requires the domain be operated through a cybersecurity lens. “We are the cybersecurity agency, and we certainly have that focus,” he says.

It’s rare to change the agency in charge of a top-level domain, says Kim Davies, vice president for Internet Assigned Numbers Authority services at the Internet Corporation for Assigned Names and Numbers (ICANN), which regulates the internet naming system.

But in general, routine updates to TLDs are common, including “updates to the technical configuration of the domain, cryptographic keys used to secure the domain and points of contact when there are personnel changes,” he  adds.

LEARN MORE: The top cybersecurity threats facing federal agencies.

CISA is migrating .gov away from its legacy infrastructure and moving to a new managed services company, Dixon says. Agencies should not notice changes, “but there are security benefits that we can bake in at the ground level that they are able to inherit,” he adds.

The updates should also shorten the time it takes for an agency to get .gov approval (the process begins at the appropriately named Current domain users are acting as beta testers, providing feedback to CISA on changes, which Dixon expects to be ongoing as security and other needs evolve.

“It’s going to be a platform that CISA will use to serve U.S.-based governments for the next many years,” he says. “The goal here is to help them. We’re able to shoulder some of the burdens that they’re experiencing so that they don’t have to.”

PeopleImages / Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.