Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

HHS Policy for Internet Domain Names

July 13, 2005

Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®.

HHS Web Management Policy

HHS-WEB-2005-01

TABLE OF CONTENTS

Nature of Changes

  1. Purpose
  2. Background
  3. Scope
  4. Policy
  5. Roles and Responsibilities
  6. Applicable Laws/Guidance
  7. Information and Assistance
  8. Effective Date/Implementation
  9. Approved

Glossary

 

 

Nature of Changes

This is a revision to the January 8, 2001, issuance of the Health and Human Services (HHS) Information Resource Management (IRM) Policy for Domain Names (HHS-IRM-2000-0008, http://www.hhs.gov/read/irmpolicy/0008.html), in response to the Office of Management and Budget (OMB) memorandum M-05-04 on Policies for Federal Agency Public Websites (12/17/2004, http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf) and the recommendations of the Interagency Committee on Government Information pursuant to the EGov Act of 2002. Modifications to this policy can be found in the following sections:

  1. Section 1, Purpose, has been modified to cite this version supercedes the January 8, 2001, issuance of the same policy.
  2. Section 2, Background, has been updated to clarify the need for a strict domain names policy based upon recent legislation, OMB guidance, and the recommendations of the Interagency Committee on Government Information.
  3. Section 3, Scope, has been modified to indicate the role of the HHS Office of the Secretary in terms of this policy and to cite that this version supercedes the January 8, 2001, issuance of the same Policy.
  4. Section 4, Policy, has been broken up into six Sections. Section 4.1 clarifies and strengthens the policy that specifies HHS.GOV as the official domain name. Section 4.2 specifies the policy for obtaining waivers to the Policy for Domain Names. Sections 4.2 and 4.3 describe policy for lower level domain names. Section 4.5 describes how decommissioned Web site domain names should be handled. Section 4.6 describes the Domain Name Registrar reporting requirements.
  5. Section 5, Roles and Responsibilities have been updated.
  6. Section 6, Applicable Laws/Guidance has been updated to add the OMB guidance and E-Government Act of 2002 reference.
  7. Section 9, Approval, updated signature line and effective date are included.
  8. Glossary: Updated definitions and descriptions.

top of page

 

1. Purpose

This document establishes the policies and responsibilities for approving, acquiring, and registering HHS Internet Domain Names that represent all Operating Divisions (OPDIVs) and Staff Divisions (STAFFDIVs) of the Department of Health and Human Services (HHS). This policy supercedes Domain Names Policy, HHS-IRM-2000-0008, dated January 8, 2001, (http://www.hhs.gov/read/irmpolicy/0008.html).

top of page

 

2. Background

Many Web sites exist that resemble government Web sites or appear to provide “official” government information. They can mislead the public into believing and acting on erroneous information. Visitors looking for official government information must be confident they are getting government information. The Federal government must ensure that its public Web sites are clearly branded. As such, HHS wants to ensure that the public is aware of its presence and can be confident in the reliability of information identified as originating from HHS. Using domains that are exclusive to the government is one way to communicate to citizens that Federal public Web sites are legitimate. Use of the .GOV domain assures the public that sites using this domain are official government Web sites.

In March 2003, the General Services Administration (GSA) issued Final Management Regulation (FMR) 41 CFR Part 102-173 (http://www.dotgov.gov/final_rule_102.aspx), which provides government-wide policy for the registration of Internet .GOV domain names. Additional guidance is found in RFC 2146 (http://www.dotgov.gov/help_rfc2146.aspx).

In accordance with FMR 41 CFR Part 102-173, domain names must be authorized by the Chief Information Officer (CIO) of the requesting or sponsoring government organization (for the purposes of this policy, the HHS CIO). Non-Federal government domain names must follow the naming conventions described in Sec. 102-173.50 through 102-173.65. For other government entities, CIO's may delegate this authority by notification to GSA.

On June 14, 2002, the HHS Chief of Staff issued an HHS Domain Names Moratorium (http://intranet2.hhs.gov/lab/projects/dnames/moratorium.html) on all requests for new second-level Internet domain names to present a more unified approach to Departmental management. Exceptions to this moratorium have been granted when important business functionality was identified.

With the formation of the HHS Web Management Team (WMT), a joint memo, dated March 15, 2004, from the Assistant Secretary for Public Affairs, the Acting Assistant Secretary for Budget, Technology and Finance, and the Assistant Secretary for Administration and Management indicated that the WMT is responsible for receiving, tracking, reviewing and approving requests for assignments of Internet domain names and the “administration of all HHS-owned Internet domain names”.

Additionally, the Interagency Committee on Government Information made recommendations to the Office of Management and Budget (OMB) regarding domain names as required by the E-Government Act of 2002 (Public Law 107-347, 44 U.S.C. Chapter 36). As a result, final OMB Policies for Federal Agency Public Websites was issued December 17, 2004, requiring the use of approved government domain names and establishing a role for the Secretary. This guidance is reflected in this policy (http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf).

top of page

 

3. Scope

This Departmental policy applies to all HHS Departmental, OPDIV, and STAFFDIV Domain Names, whether owned and operated by HHS, or operated on behalf of HHS. For administrative purposes, the Office of the Secretary (OS) is considered to be an OPDIV. This policy supercedes HHS IRM Policy for Domain Names, 2000-0008, dated January 8, 2001, (http://www.hhs.gov/read/irmpolicy/0008.html) and the HHS Domain Names Moratorium (http://intranet2.hhs.gov/lab/projects/dnames/moratorium.html).

top of page

 

4. Policy

 

4.1. Domain Names

In accordance with Final Management Regulation (FMR) 41 CFR Part 102-173, the Registration Policy for Domain Names representing the U.S. Department of Health and Human Services (HHS) and/or its Agencies shall follow the standard Internet naming convention for Federal agencies using .GOV and the responsible cabinet-level agency initials, HHS. The official domain name for HHS is HHS.GOV.

In accordance with the OMB memo on Policies for Federal Agency Public Websites issued December 17, 2004, and HHS domain name policy, all HHS Web sites shall use HHS.GOV as the domain name. The use of .COM, .ORG, .EDU, .NET, .BIZ, .TV, or other domains is prohibited.

All HHS Web sites must comply with applicable Federal, HHS, and OPDIV Web, security and accessibility (Section 508 of the Rehabilitation Act, 29 U.S.C. 794d) laws, policies, and regulations. No personal surnames shall be used in Domain Names.

All .GOV Domain Name registration fees charged by the General Services Administration will be paid by the office of the HHS CIO. The HHS CIO may request that OPDIVs pay for their respective domain name fees.

The HHS Secretary, the HHS Assistant Secretary for Public Affairs (ASPA), and HHS CIO have authority to require the immediate shutdown of any HHS website using a domain name not in compliance with this policy or require the retirement of any approved domain name and any HHS-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.

OPDIV Chief Public Affairs Officers and OPDIV Chief Information Officers have the authority to require the immediate shutdown of any respective OPDIV website using a domain name not in compliance with this policy. OPDIV Chief Public Affairs Officers and OPDIV Chief Information Officers in consultation may require the retirement of any approved domain name and any OPDIV-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.

 

4.2. Waivers to the Domain Name Policy

Waivers to the Domain Name Policy that are determined to be necessary for the business functions of an agency may be granted under the following conditions:

4.2.1. Waivers for second level .GOV domain names not using the ‘HHS.GOV’ format (e.g. topic.GOV)

  1. New second-level .GOV domain names must be granted a waiver jointly by the ASPA and the HHS CIO. Requests for aliases should be included in the waiver request if aliases are needed.
  2. Second-level .GOV domain names and aliases which have already received a waiver previous to the approval of this policy, do not need to be re-submitted for approval.
  3. The primary criteria for granting a new second level .GOV domain name is that a topical site domain name is needed to represent a cross-cutting initiative or significant body of information that crosses Federal agencies; for example, afterschool.gov. Domain names that do not include HHS shall be limited to
    1. government-wide sites only that are a partnership with other Federal agencies that also provide content for the site; or
    2. significant special initiatives such as Presidential or White House-sponsored committees, councils, or conference sites supported by HHS staff.
  4. Offices with approved waivers for second level .GOV domain names may additionally reserve non-.GOV domain names to protect similar domain names from inappropriate use by other parties; however, only the official .GOV domain name shall be used for marketing the site. If an alternate registered domain name is activated, then it shall redirect to the valid .GOV equivalent, as appropriate.
  5. Waivers remain in effect until the domain name is decommissioned or until revoked by the ASPA and HHS CIO.

4.2.2. Waivers for new non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.) approved by the Secretary

  1. New non-.GOV domain names must be granted a waiver by the HHS Secretary, as directed by OMB memo M-05-04 on Policies for Federal Agency Public Websites (12/17/2004). Prior to registering any new non-.GOV Domain names, a waiver from the HHS Secretary approving the non-.GOV domain must be obtained. (Prerequisites for approval of non-.GOV domain names are outlined in section 4.2.4.)
  2. Offices with approved waivers for second level non-.GOV domain names may additionally reserve other non-.GOV domain names to protect similar domain names from inappropriate use by other parties; however, only the officially approved non-.GOV domain name shall be used for marketing the site. If an alternate registered domain name is activated, then it shall redirect to the approved non-.GOV equivalent as appropriate.
  3. Waivers remain in effect until the domain name is decommissioned or until revoked by the Secretary.

4.2.3. Waivers for existing non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.)

Existing, non-.GOV domain names in use when this policy is implemented must be granted a waiver by the Secretary. As directed by OMB, only the HHS Secretary is authorized to grant waivers for non-.GOV domain names and therefore, new requests for waivers must be submitted for existing non-.GOV domain names. These domain names may continue to operate using the non-.GOV domain name until the Secretary acts on the waiver request.

Waivers remain in effect until the domain name is decommissioned or until revoked by the ASPA and HHS CIO.

4.2.4. Prerequisites for granting non-.GOV domain name waivers (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.)

In general, waivers for the use of non-.GOV domain names may be allowed for:

  1. Web sites sponsored by quasi-governmental agencies;
  2. Web sites developed in partnership or through grants or cooperative agreements with non-Federal organizations, where content is not exclusively official Federal government information; or
  3. Federal Web sites for children where agencies choose to use the kids.us domain.

4.2.5. Domain names excluded from seeking a waiver

Certain organizational .GOV Domain names such as CDC.GOV, FDA.GOV, and NIH.GOV are excluded from seeking a waiver if their domain names were approved and in existence prior to May 1997 (see RFC 2146 www.dotgov.gov/help_rfc2146.aspx). The use of these domain names is allowed to continue until the organization chooses to discontinue its use or until the ASPA and the HHS CIO jointly determine that a business function is no longer served by use of those domains.

 

4.3 Third Level Domain Names

In the HHS.GOV domain, approval of third level domain names (for example, topic.hhs.gov) and waivers rest with the HHS Web Management Team (WMT) Managers. Requests for third level domain names may be granted for a topical site domain name needed to represent a cross-cutting HHS initiative, program, or significant body of information that crosses HHS agencies/programs; for example, fatherhood.hhs.gov. In addition, approvals may be granted when technologically necessary. Otherwise, the site should be established as a subdirectory of HHS.GOV, for example, hhs.gov/disasters.

In other domains, such as NIH.GOV, the second-level domain owner shall establish a policy for approval of third level domain names that is based on prerequisites as set forth in this section.

 

4.4 Fourth Level Domain Names in the HHS.GOV Domain

Approval of fourth level .GOV domain names in the HHS.GOV domain (for example, topic.OPDIV.hhs.gov) and waivers rest with the third level domain name owner. Third level domain owners may determine the nature of their respective fourth level domain prerequisites for approval within the guidelines set forth in section 4.3.

 

4.5 Decommissioned Web Site Domain Names

Domain names of second-level decommissioned .GOV Web Sites are retained by HHS until the beginning of the next fiscal year following the decommissioning or longer if the WMT recommends reserving the domain name for future use. Decommissioned Web sites with active domain names must provide an accessible redirect that explains that the site is no longer available and, if appropriate, directs the user to the most relevant existing content. Domain names in non-.GOV domains, such as alzheimers.org, when replaced by a .GOV domain or decommissioned, shall be retained until such time as any potential inappropriate use by other parties will not reflect unfavorably on HHS.

 

4.6 Domain Name Registrar and Reporting Requirements

All HHS-sponsored domain names (regardless of top or first-level domain) shall be reported to the HHS Web Management Team upon request (generally, not expected to be requested more than once per year). The HHS Web Management Team shall maintain a master list of all HHS-sponsored domain names and domain name waivers.

Contact information for all .GOV domain names shall be maintained with the GSA .GOV Registrar. For all new and existing HHS-sponsored .GOV domain names registered in GSA’s .GOV domain database, the HHS Web Management Team, as the HHS Hostmaster, shall be the designated Administrative Contact. Each approved HHS-sponsored domain name shall also register designated, business-specific Federal employee(s) who shall be listed as the technical and/or billing contacts.

Each approved HHS-sponsored non-.GOV domain name registered with a domain name registrar other than GSA shall have an appropriate HHS Federal employee designated as its Administrative Contact. The administrative contact for each non-.GOV domain name shall be reported to the HHS Web Management Team annually or upon any change in contact or contact information.

Contractors and other non-government employees may not have authoritative domain name system (DNS) rights to any HHS-owned Domain Name.

top of page

 

5. Roles and Responsibilities

 

HHS Secretary

The HHS Secretary, as the HHS executive leader, is responsible for approving waivers for the use of non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.) as required by the Office of Management and Budget (December 17, 2004 guidance memorandum M-05-04, Policies for Federal Agency Public Websites, pursuant to E-Government Act of 2002, Public Law 107-347, 44 U.S.C. Chapter 36).

Responsibilities:

  • The HHS Secretary explicitly determines whether the use of another domain (non-.GOV) for a public Web site is necessary for the proper performance of an agency function, and may grant a waiver for such use of non-.GOV domain names based on this determination.
  • The HHS Secretary has authority to require the immediate shutdown of any HHS Web site using a domain name not in compliance with this policy or require the retirement of any approved domain name and any HHS-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.
 

HHS Assistant Secretary for Public Affairs (ASPA)

Responsibilities:

  • The HHS ASPA, with the concurrence of the Assistant Secretary for Budget, Technology, and Finance, shall make recommendations to the HHS Secretary for approval/disapproval of all non-.GOV domain name use waiver requests and retirements of domain names.
  • The HHS ASPA, jointly with the HHS Chief Information Officer, has authority to approve HHS second level .GOV domain name use waiver requests and retirements of domain names.
  • The HHS ASPA has authority to require the immediate shutdown of any HHS Web site using a domain name not in compliance with this policy.
  • The HHS ASPA, jointly with the HHS Chief Information Officer, may require the retirement of any approved domain name and any HHS-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.
 

HHS Assistant Secretary for Budget, Technology, and Finance (ASBTF)

Responsibilities:

  • The HHS Assistant Secretary for Budget, Technology, and Finance, with the concurrence of the HHS Assistant Secretary for Public Affairs, shall make recommendations to the HHS Secretary for approval/disapproval of all non-.GOV domain names and retirements of domain names.
  • The HHS ASBTF has authority to require the immediate shutdown of any HHS Web site using a domain name not in compliance with this policy.
 

HHS Chief Information Officer (CIO)

The HHS Chief Information Officer serves as the Deputy Assistant Secretary for Information Resources Management and is responsible for providing advice and assistance to the Secretary and other senior management personnel. In accordance with Final Management Regulation (FMR) 41 CFR Part 102-173 and RFC 2146, the HHS CIO has the authority to request a waiver to the Federal Internet domain naming convention restrictions at the direction of the HHS Secretary and on behalf of HHS.

Responsibilities:

  • The HHS CIO, jointly with the HHS Assistant Secretary for Public Affairs, has authority to approve HHS second level .GOV domain name waiver requests and retirements of domain names.
  • The HHS CIO has authority to require the immediate shutdown of any HHS Web site using a domain name not in compliance with this policy.
  • The HHS CIO, jointly with the HHS ASPA, may require the retirement of any approved domain name and any HHS-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.
  • The HHS CIO may request payment for registration of .GOV domain names from the sponsoring OPDIV.
  • The HHS CIO shall request from, and communicate with GSA concerning HHS-approved waivers to Final Management Regulation (FMR) 41 CFR Part 102-173 and RFC 2146.
 

HHS Web Management Team Manager(s)

Responsibilities:

  • The HHS Web Management Team Manager(s) receive all requests for domain name waivers and are responsible for reviewing all requests for domain names and making recommendations to the HHS CIO and ASPA for action.
  • The HHS Web Management Team Manager(s) may require usability testing of the proposed name prior to making a recommendation.
  • The HHS Web Management Team Manager(s) may approve/disapprove requests to retain decommissioned Web site domain names and may set sunset dates to end the retention of decommissioned Web site domain names.
 

HHS Web Management Team

The HHS Web Management Team is responsible for coordinating and supporting the HHS Web presence.

Responsibilities:

  • The WMT shall review and analyze waiver requests.
  • If a request is for a .GOV domain name, the WMT shall reserve the proposed name in the GSA database.
  • The WMT will conduct usability testing, if deemed necessary or appropriate.
 

HHS Domain Name Registrar

The HHS Domain Name Registrar function is implemented by members of the HHS Web Management Team. The HHS Domain Name Registrar function is the focal point for working with the OPDIVs on domain name waivers and the annual inventory of HHS domain names.

Responsibilities:

  • The HHS Domain Name Registrar as the HHS Hostmaster, shall be the administrative contact for all domain names owned or sponsored by the Department ending in .GOV.
  • The HHS Domain Name Registrar shall maintain a master list/inventory of all HHS domain names, which OPDIV CIOs report annually to the HHS Domain Name Registrar.
  • The HHS Domain Name Registrar shall maintain domain waiver request files.
 

OPDIV Chief Public Affairs Officer

Responsibilities:

  • The OPDIV Chief Public Affairs Officer, jointly with the OPDIV CIO, shall be responsible for approving in writing all OPDIV-respective requests for waivers to the domain name policy, ensuring that the request falls within the guidelines of this policy and that a chosen domain name reflects favorably on the Department.
  • The OPDIV Chief Public Affairs Officer has authority to require the immediate shutdown of any OPDIV Web site using a domain name not in compliance with this policy.
  • The OPDIV Chief Public Affairs Officer, jointly with the OPDIV CIO, may require the retirement or decommissioning of any OPDIV-owned domain name when it is in the best interests of the Department.
 

OPDIV Chief Information Officer (CIO)

Responsibilities:

  • The OPDIV CIO, jointly with the OPDIV Chief Public Affairs Officer, shall be responsible for approving in writing all OPDIV-respective requests for waivers to domain name policy, ensuring that the request falls within the guidelines of this policy and that a chosen domain name reflects favorably on the Department.
  • The OPDIV CIO shall submit the Domain Name waiver requests in writing to the HHS Web Management Team Managers via the HHS Web Request System (webrequests@hhs.gov).
  • The OPDIV CIO shall be responsible for reporting all OPDIV-owned and sponsored first- and second-level domain names to the HHS Web Management Team when requested.
  • The OPDIV CIO, in coordination with OPDIV program/project managers, shall designate an appropriate OPDIV employee as the Administrative Contact for domain names owned or sponsored by the OPDIV.
  • The OPDIV CIO has authority to require the immediate shutdown of any OPDIV website using a domain name not in compliance with this policy.
  • The OPDIV CIO jointly with the OPDIV Chief Public Affairs Officer may require the retirement or decommissioning of any OPDIV-owned domain name when it is in the best interests of the Department.
  • The OPDIV CIO is required to notify the WMT of any domain shutdowns, retirements, or decommissionings at the time action is taken.
 

OPDIV Program/Project Managers

The Program/Project Managers who request domain names shall be Federal employees responsible for programs and/or projects which use Web sites to provide information to the public and to constituents.

Responsibilities:

  • Program/Project Managers must keep their respective CIO’s informed of domain naming issues.
  • Program/Project Managers must keep their respective CIO’s informed of project contact names, ensuring that contractors and others do not use non-.GOV domains for any sponsored Web site without a waiver from the Secretary.
 

Administrative Contacts for HHS Non-Government Domain Names

The administrative contacts for all .GOV and other HHS domain names shall be Federal employees.

Responsibilities:

  • Administrative contacts shall report non-government domain names registration information to the respective OPDIV CIO upon request.

top of page

 

6. Applicable Laws/Guidance

The following Executive Branch policy is applicable:

Final Management Regulation (FMR) 41 CFR Part 102-173 (http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf)

E-Government Act of 2002 (Public Law 107-347, 44 U.S.C. Chapter 36)

OMB Policy for Federal Agency Public Websites: http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf

top of page

 

7. Information and Assistance

Additional information and assistance can be found at:

Questions, comments, suggestions or requests for further information regarding this policy should be directed to the HHS Web Management Team.

top of page

 

8. Effective Date/Implementation

The effective date of this policy is the date the policy is approved.

The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary's policy statement dated August 7, 1997, as amended, titled "Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations." It is HHS' policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department's plans, projects, programs and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.

top of page

 

9. Approved

____/s/____________________________
Michael O. Leavitt,
Secretary
U.S. Department of Health and Human Services
____July 13, 2005__________________
Date

top of page

 

Glossary

Domain Names - On the Web, the domain name is that part of the Uniform Resource Locator (URL) that tells a domain name server using the domain name system (DNS) whether and where to forward a request for a Web page. The domain name is mapped to an Internet Protocol (IP) address (which represents a physical point on the Internet).

To more clearly explain Domain names the following example is offered:

“.gov” = Top-level, or first-level domain name
“.hhs.gov” = Second-level domain name
“topic.hhs.gov” = Third-level domain name
“topic.opdiv.hhs.gov” = Fourth-level domain name
“../advisory/boards.htm” = subdirectory and file (Web page) not part of the domain name

HHS Owned Domain Names - Domain names registered under HHS or any of its Agencies are considered “owned” by HHS, including those registered by contractors and paid for with HHS funds.

HHS Sponsored Domain Names - Domain names hosted, maintained, and/or subsidized by HHS or any of its Agencies are considered “sponsored” or “operated on behalf of” HHS.

Web Site - A Web site is a collection of Web files on a particular subject that includes a beginning file called a home page.

top of page