Added authorizing official guidance for org types

This commit is contained in:
Michelle Rago 2022-12-27 14:58:25 -05:00 committed by GitHub
parent ade8ddbef3
commit 8011c117e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -4,9 +4,7 @@
{% block form_content %}
<p>The .gov domain exists to support a broad diversity of government missions and public initiatives. Generally, the .gov registry does not review or audit how government organizations use their domains.</p>
<p>However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
<p>The .gov domain exists to support a broad diversity of government missions and public initiatives. Generally, the .gov registry does not review or audit how government organizations use their domains. However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
<h2>Prohibited activities for .gov domains</h2>
@ -20,12 +18,12 @@
<p>A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.</p>
<h3>Malicious cyber activity </h3>
<p>.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.</p>
<p>.Gov is a trusted and safe space. .Gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.</p>
<h2>Required activities for .gov domain registrants </h2>
<h3>Keep your contact information update</h3>
<h3>Keep your contact information updated</h3>
<p>As a .gov domain registrant, maintain current and accurate contact information in the .gov registrar. We strongly recommend that you create and use a security contact.</p>
<h3>Be responsive if we contact you</h3>
@ -39,12 +37,78 @@
<li>Emails to domain contacts </li>
<li>Phone calls to domain contacts</li>
<li>Email or phone call to the authorizing official</li>
<li>Email or phone call to the government organization, a parent organization, or affiliated entities</li>
<li>Emails or phone calls to the government organization, a parent organization, or affiliated entities</li>
</ul>
</p>
<p>We understand the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportional to the severity of the issue.</p>
<h2>Requirements for authorizing officials</h2>
<p>Your authorizing official is the person within your organization who can authorize your domain request. This is generally the highest ranking or highest elected official in your organization.</p>
<h3>Executive branch federal agencies</h3>
<p>Domain requests from executive branch agencies must be authorized by CIOs or agency heads.</p>
<p>Domain requests from executive branch agencies are subject to guidance issued by the U.S. Office of Management and Budget.</p>
<h3>Judicial branch federal agencies</h3>
<p>Domain requests for judicial branch agencies, except the U.S. Supreme Court, must be authorized by the director or CIO of the Administrative Office (AO) of the United States Courts.</p>
<p>Domain requests from the U.S. Supreme Court must be authorized by the director of information technology for the U.S. Supreme Court.</p>
<h3>Legislative branch federal agencies</h3>
<h4>U.S. Senate</h4>
<p>Domain requests from the U.S. Senate must come from the Senate Sergeant at Arms.</p>
<h4>U.S. House of Representatives</h4>
<p>Domain requests from the U.S. House of Representatives must come from the House Chief Administrative Officer.</p>
<h4>Other legislative branch agencies</h4>
<p>Domain requests from legislative branch agencies must come from the agencys head or CIO.</p>
<p>Domain requests from legislative commissions must come from the head of the commission, or the head or CIO of the parent agency, if there is one.</p>
<h3>Interstate</h3>
<p>Domain requests from interstate organizations must be authorized by the highest-ranking executive (president, director, chair, or equivalent) or one of the states governors or CIOs.</p>
<h3>U.S. states and territories</h3>
<h4>States and territories: executive branch</h4>
<p>Domain requests from states and territories must be authorized by the governor or the state CIO.</p>
<h4>States and territories: judicial and legislative branches</h4>
<p>Domain requests from state legislatures and courts must be authorized by an agencys CIO or highest-ranking executive.</p>
<h3>Tribal governments</h3>
<p>Domain requests from federally-recognized tribal governments must be authorized by tribal chiefs as noted by the <a href="https://www.bia.gov/service/tribal-leaders-directory">Bureau of Indian Affairs</a>.</p>
<h3>Counties</h3>
<p>Domain requests from counties must be authorized by the chair of the county commission or the equivalent highest elected official.</p>
<h3>Cities</h3>
<p>Domain requests from cities must be authorized by the mayor or the equivalent highest elected official.</p>
<h3>Special districts</h3>
<p>Domain requests from special districts must be authorized by the highest-ranking executive (president, director, chair, or equivalent) or state CIOs for state-based organizations.</p>
<h3>School districts</h3>
<p>Domain requests from school district governments must be authorized by the highest-ranking executive (the chair of a school districts board or a superintendent).</p>
<h2>HSTS preloading</h2>
<p>The .gov program will preload all newly registered .gov domains for HTTP Strict Transport Security (HSTS).</p>