CISA Considering Open-Source Registrar Platform For .Gov Domain
The agency is looking for support services to help manage the .gov registry as it takes control of the top-level domain from GSA.
The government’s central cybersecurity authority is setting up new methods for registering, tracking, securing and retiring official government websites and is looking for vendors to manage those services or help the agency create a new open-source platform.
The Cybersecurity and Infrastructure Security Agency, or CISA, took over control of the .gov domain from the General Services Administration in March.
The change in ownership—mandated by the DOTGOV Act—also required CISA to provide domain registry to federal, state and local governments at little to no cost and beef up the overall security of the domain.
The services covered in a request for information posted to SAM.gov would “support the secure and reliable operation of the .gov top-level domain,” or TLD. The document breaks the work into two buckets:
- A registry services provider to manage core Domain Name System, or DNS, infrastructure, including authoritative DNS hosting for individual domains. Prospective vendors must be U.S.-based and be certified to run high-impact federal systems deemed high-value assets.
- A registrar providing web registration and management of .gov domains; offering supporting services to improve the security, privacy, reliability, accessibility and speed of .gov domains and the services hosted within them; and supporting end-users. The registrar will also serve as the TLD’s website.
CISA officials plan to use a traditional contract for registry services but are looking at options for the registrar portion.
“For the registrar, CISA is interested in assessing how the objectives align to current market offerings—or whether CISA, acting as the product owner, would lead the creation of a new, open source registrar with an agile software development team,” the RFI states.
The registrar service will include an easy-to-use public website; a “simple and secure” registration, renewal and retiring process; DNS management; maintaining an inventory of .gov sites; and end-user support and “supporting services” as outlined in the DOTGOV Act.
The RFI notes .gov is unique among the domains: It is one of the original six TLDs; it is “sponsored” and only available to certified U.S. government bodies; and does not have an official registry agreement with the Internet Corporation for Assigned Names and Numbers, or ICANN, which registers unique web addresses for most of the other internet domains.
On top of all that, the services provided through the .gov domain are often critical and require the utmost security.
“Because the TLD is central to the availability and integrity of thousands of online services relied upon by millions of users .gov TLD is critical infrastructure for governments throughout the country and all aspects of its administration have cybersecurity significance,” the RFI states. “CISA seeks to increase security and decrease complexity for government organizations and public users of .gov—including by increasing CISA’s and registrants’ insight into important security-relevant information derived from the maintenance of a ‘.gov inventory.’”
Responses to the RFI should be submitted through this web form by 5 p.m. July 28.