US Code
Part A— Cybersecurity and Infrastructure Security
§ 665. Duties and authorities relating to .gov internet domain

(a) Definition. In this section, the term “agency” has the meaning given the term in section 3502 of title 44.
(b) Availability of .gov internet domain. The Director shall make .gov internet domain name registration services, as well as any supporting services described in subsection (e), generally available—
(1) to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government, that complies with the requirements for registration developed by the Director as described in subsection (c);
(2) without conditioning registration on the sharing of any information with the Director or any other Federal entity, other than the information required to meet the requirements described in subsection (c); and
(3) without conditioning registration on participation in any separate service offered by the Director or any other Federal entity.
(c) Requirements. The Director, with the approval of the Director of the Office of Management and Budget for agency .gov internet domain requirements and in consultation with the Director of the Office of Management and Budget for .gov internet domain requirements for entities that are not agencies, shall establish and publish on a publicly available website requirements for the registration and operation of .gov internet domains sufficient to—
(1) minimize the risk of .gov internet domains whose names could mislead or confuse users;
(2) establish that .gov internet domains may not be used for commercial or political campaign purposes;
(3) ensure that domains are registered and maintained only by authorized individuals; and
(4) limit the sharing or use of any information obtained through the administration of the .gov internet domain with any other Department component or any other agency for any purpose other than the administration of the .gov internet domain, the services described in subsection (e), and the requirements for establishing a .gov inventory described in subsection (h).
(d) Executive branch
(1) In general. The Director of the Office of Management and Budget shall establish applicable processes and guidelines for the registration and acceptable use of .gov internet domains by agencies.
(2) Approval required. The Director shall obtain the approval of the Director of the Office of Management and Budget before registering a .gov internet domain name for an agency.
(3) Compliance. Each agency shall ensure that any website or digital service of the agency that uses a .gov internet domain is in compliance with the 21st Century IDEA Act (44 U.S.C. 3501 note) and implementation guidance issued pursuant to that Act.
(e) Supporting services
(1) In general. The Director may provide services to the entities described in subsection (b)(1) specifically intended to support the security, privacy, reliability, accessibility, and speed of registered .gov internet domains.
(2) Rule of construction. Nothing in paragraph (1) shall be construed to—
(A) limit other authorities of the Director to provide services or technical assistance to an entity described in subsection (b)(1); or
(B) establish new authority for services other than those the purpose of which expressly supports the operation of .gov internet domains and the needs of .gov internet domain registrants.
(f) Fees
(1) In general. The Director may provide any service relating to the availability of the .gov internet domain program, including .gov internet domain name registration services described in subsection (b) and supporting services described in subsection (e), to entities described in subsection (b)(1) with or without reimbursement, including variable pricing.
(2) Limitation. The total fees collected for new .gov internet domain registrants or annual renewals of .gov internet domains shall not exceed the direct operational expenses of improving, maintaining, and operating the .gov internet domain, .gov internet domain services, and .gov internet domain supporting services.
(g) Consultation. The Director shall consult with the Director of the Office of Management and Budget, the Administrator of General Services, other civilian Federal agencies as appropriate, and entities representing State, local, Tribal, or territorial governments in developing the strategic direction of the .gov internet domain and in establishing requirements under subsection (c), in particular on matters of privacy, accessibility, transparency, and technology modernization.
(h) .gov inventory
(1) In general. The Director shall, on a continuous basis—
(A) inventory all hostnames and services in active use within the .gov internet domain; and
(B) provide the data described in subparagraph (A) to domain registrants at no cost.
(2) Requirements. In carrying out paragraph (1)—
(A) data may be collected through analysis of public and non-public sources, including commercial data sets;
(B) the Director shall share with Federal and non-Federal domain registrants all unique hostnames and services discovered within the zone of their registered domain;
(C) the Director shall share any data or information collected or used in the management of the .gov internet domain name registration services relating to Federal executive branch registrants with the Director of the Office of Management and Budget for the purpose of fulfilling the duties of the Director of the Office of Management and Budget under section 3553 of title 44;
(D) the Director shall publish on a publicly available website discovered hostnames that describe publicly accessible agency websites, to the extent consistent with the security of Federal information systems but with the presumption of disclosure;
(E) the Director may publish on a publicly available website any analysis conducted and data collected relating to compliance with Federal mandates and industry best practices, to the extent consistent with the security of Federal information systems but with the presumption of disclosure; and
(F) the Director shall—
(i) collect information on the use of non-.gov internet domain suffixes by agencies for their official online services;
(ii) collect information on the use of non-.gov internet domain suffixes by State, local, Tribal, and territorial governments; and
(iii) publish the information collected under clause (i) on a publicly available website to the extent consistent with the security of the Federal information systems, but with the presumption of disclosure.
(3) National security coordination
(A) In general. In carrying out this subsection, the Director shall inventory, collect, and publish hostnames and services in a manner consistent with the protection of national security information.
(B) Limitation. The Director may not inventory, collect, or publish hostnames or services under this subsection if the Director, in coordination with other heads of agencies, as appropriate, determines that the collection or publication would—
(i) disrupt a law enforcement investigation;
(ii) endanger national security or intelligence activities;
(iii) impede national defense activities or military operations; or
(iv) hamper security remediation actions.
(4) Strategy. Not later than 180 days after December 27, 2020, the Director shall develop and submit to the Committee on Homeland Security and Governmental Affairs and the Committee on Rules and Administration of the Senate and the Committee on Homeland Security, the Committee on Oversight and Reform, and the Committee on House Administration of the House of Representatives a strategy to utilize the information collected under this subsection for countering malicious cyber activity.

Structure US Code

US Code

Title 6— DOMESTIC SECURITY

CHAPTER 1— HOMELAND SECURITY ORGANIZATION

SUBCHAPTER XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

Part A— Cybersecurity and Infrastructure Security
