Agency Information Collection Activities: .gov Registrar

#  Agency Information Collection Activities: .gov Registrar

**AGENCY:**

Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

**ACTION:**

30-Day notice and request for comments; new collection (request for a new OMB control number).

**SUMMARY:**

The *.gov* Registry Program within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. CISA previously published this information collection request (ICR) in the *Federal Register* on February 27,  2023 for a 60-day public comment period. 0 comments were received by CISA. The purpose of this notice is to allow additional 30 days for public comments.

**DATES:**

Comments are encouraged and will be accepted until July 31, 2023. This process is conducted in accordance with 5 CFR 1320.10.

**ADDRESSES:**

Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to *www.reginfo.gov/public/do/PRAMain* . Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using the search function.

The Office of Management and Budget is particularly interested in comments which:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

3. Enhance the quality, utility, and clarity of the information to be collected; and

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, *e.g.,* permitting electronic submissions of responses.

**FOR FURTHER INFORMATION CONTACT:**

Cameron Dixon, DHS, Cybersecurity and Infrastructure Security Agency/Cybersecurity Division, 888-282-0870, *[email protected]* .

**SUPPLEMENTARY INFORMATION:**

*.gov* is a `top-level domain' (TLD), similar to *.com* , *.org* , or *.us.* Enterprises use a TLD to register a “domain name” (often simply called a domain) for use in their online services, like a website or email. Well-known *.gov* domains include *whitehouse.gov* , *congress.gov* , or *uscourts.gov* , but most *.gov* domains are from non-federal governments like *ny.gov* (State of New York) or *lacounty.gov* (LA County).

*.gov* is only available to bona fide U.S.-based government organizations and publicly controlled entities. When governments use *.gov* , they make it harder for would-be impostors to successfully impersonate them online.

Under the DOTGOV Act of 2020 (6 U.S.C. 665), CISA is responsible for the operation and security of the *.gov* TLD. Pursuant to that law, the *.gov* program at CISA works to “provide simple and secure registration of *.gov* internet domains”, “ensure that domains are registered and maintained only by authorized individuals”, and “minimize the risk of *.gov* internet domains whose names could mislead or confuse users”. In order to provision *.gov* domains to eligible government entities and ensure adherence to the domain requirements published by CISA pursuant to 6 U.S.C. 665(c), CISA needs to collect information from requestors of *.gov* domains.

The information will be collected on an online web portal called the “. *gov* registrar”, which is built and maintained by CISA. Requestors will be asked to provide information on the characteristics of their government entity ( *e.g.,* name, type, physical location, current domain), their preferred *.gov* domain name (e.g., *example.gov* ), their rationale for the name, organizational contact information (names, phone numbers, email addresses), and nameserver addresses.

Only U.S.-based government organizations are eligible for *.gov* domains; some of these organizations may be small entities. The collection has been developed to request only the information needed to confirm eligibility and adjudicate a *.gov* domain request. Without this collection, CISA will be unable to assess the eligibility of requestors nor provision *.gov* domains to government organizations. That outcome would decrease cybersecurity for governments across the nation and minimize the public's ability to identify governments online.

In accordance with 6 U.S.C. 665(c)(4), CISA will “limit the sharing or use of any information” obtained through this collection “with any other Department component or any other agency for any purpose other than the administration of the *.gov* internet domain, the services described in subsection (e), and the requirements for establishing a *.gov* inventory described in subsection (h).” Certain metadata for any approved domains (domain name, organization name, nameserver address, city/state information, security contact) will be published online.

**Analysis**

*Agency:* Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

*Title: .gov* registrar.

*OMB Number:* OMB CONTROL NUMBER.

*Frequency:* Once per domain registered.

*Affected Public:* Employees representing State, local, Territorial, and Tribal governments.

*Number of Respondents:* 1500 per year.

*Estimated Time per Respondent:* 20 minutes.

*Total Burden Hours:* 500 hours.

*Total Burden Cost (capital/startup):* $0.

*Total Burden Cost (operating/maintaining):* $24,674.

Robert J. Costello,

Chief Information Officer, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency.