U.S. Department of Health & Human Services
Email Updates Font Size Print Download Reader
HHS Policy for Internet Domain Names
July 13, 2005
HHS Web Management Policy
TABLE OF CONTENTS
Nature of Changes
This is a revision to the January 8, 2001, issuance of the Health and Human Services (HHS) Information Resource Management (IRM) Policy for Domain Names (HHS-IRM-2000-0008, http://www.hhs.gov/read/irmpolicy/0008.html), in response to the Office of Management and Budget (OMB) memorandum M-05-04 on Policies for Federal Agency Public Websites (12/17/2004, http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf) and the recommendations of the Interagency Committee on Government Information pursuant to the EGov Act of 2002. Modifications to this policy can be found in the following sections:
This document establishes the policies and responsibilities for approving, acquiring, and registering HHS Internet Domain Names that represent all Operating Divisions (OPDIVs) and Staff Divisions (STAFFDIVs) of the Department of Health and Human Services (HHS). This policy supercedes Domain Names Policy, HHS-IRM-2000-0008, dated January 8, 2001, (http://www.hhs.gov/read/irmpolicy/0008.html).
Many Web sites exist that resemble government Web sites or appear to provide “official” government information. They can mislead the public into believing and acting on erroneous information. Visitors looking for official government information must be confident they are getting government information. The Federal government must ensure that its public Web sites are clearly branded. As such, HHS wants to ensure that the public is aware of its presence and can be confident in the reliability of information identified as originating from HHS. Using domains that are exclusive to the government is one way to communicate to citizens that Federal public Web sites are legitimate. Use of the .GOV domain assures the public that sites using this domain are official government Web sites.
In March 2003, the General Services Administration (GSA) issued Final Management Regulation (FMR) 41 CFR Part 102-173 (http://www.dotgov.gov/final_rule_102.aspx), which provides government-wide policy for the registration of Internet .GOV domain names. Additional guidance is found in RFC 2146 (http://www.dotgov.gov/help_rfc2146.aspx).
In accordance with FMR 41 CFR Part 102-173, domain names must be authorized by the Chief Information Officer (CIO) of the requesting or sponsoring government organization (for the purposes of this policy, the HHS CIO). Non-Federal government domain names must follow the naming conventions described in Sec. 102-173.50 through 102-173.65. For other government entities, CIO's may delegate this authority by notification to GSA.
On June 14, 2002, the HHS Chief of Staff issued an HHS Domain Names Moratorium (http://intranet2.hhs.gov/lab/projects/dnames/moratorium.html) on all requests for new second-level Internet domain names to present a more unified approach to Departmental management. Exceptions to this moratorium have been granted when important business functionality was identified.
With the formation of the HHS Web Management Team (WMT), a joint memo, dated March 15, 2004, from the Assistant Secretary for Public Affairs, the Acting Assistant Secretary for Budget, Technology and Finance, and the Assistant Secretary for Administration and Management indicated that the WMT is responsible for receiving, tracking, reviewing and approving requests for assignments of Internet domain names and the “administration of all HHS-owned Internet domain names”.
Additionally, the Interagency Committee on Government Information made recommendations to the Office of Management and Budget (OMB) regarding domain names as required by the E-Government Act of 2002 (Public Law 107-347, 44 U.S.C. Chapter 36). As a result, final OMB Policies for Federal Agency Public Websites was issued December 17, 2004, requiring the use of approved government domain names and establishing a role for the Secretary. This guidance is reflected in this policy (http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf).
This Departmental policy applies to all HHS Departmental, OPDIV, and STAFFDIV Domain Names, whether owned and operated by HHS, or operated on behalf of HHS. For administrative purposes, the Office of the Secretary (OS) is considered to be an OPDIV. This policy supercedes HHS IRM Policy for Domain Names, 2000-0008, dated January 8, 2001, (http://www.hhs.gov/read/irmpolicy/0008.html) and the HHS Domain Names Moratorium (http://intranet2.hhs.gov/lab/projects/dnames/moratorium.html).
4.1. Domain Names
In accordance with Final Management Regulation (FMR) 41 CFR Part 102-173, the Registration Policy for Domain Names representing the U.S. Department of Health and Human Services (HHS) and/or its Agencies shall follow the standard Internet naming convention for Federal agencies using .GOV and the responsible cabinet-level agency initials, HHS. The official domain name for HHS is HHS.GOV.
In accordance with the OMB memo on Policies for Federal Agency Public Websites issued December 17, 2004, and HHS domain name policy, all HHS Web sites shall use HHS.GOV as the domain name. The use of .COM, .ORG, .EDU, .NET, .BIZ, .TV, or other domains is prohibited.
All HHS Web sites must comply with applicable Federal, HHS, and OPDIV Web, security and accessibility (Section 508 of the Rehabilitation Act, 29 U.S.C. 794d) laws, policies, and regulations. No personal surnames shall be used in Domain Names.
All .GOV Domain Name registration fees charged by the General Services Administration will be paid by the office of the HHS CIO. The HHS CIO may request that OPDIVs pay for their respective domain name fees.
The HHS Secretary, the HHS Assistant Secretary for Public Affairs (ASPA), and HHS CIO have authority to require the immediate shutdown of any HHS website using a domain name not in compliance with this policy or require the retirement of any approved domain name and any HHS-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.
OPDIV Chief Public Affairs Officers and OPDIV Chief Information Officers have the authority to require the immediate shutdown of any respective OPDIV website using a domain name not in compliance with this policy. OPDIV Chief Public Affairs Officers and OPDIV Chief Information Officers in consultation may require the retirement of any approved domain name and any OPDIV-owned domain name that has previously been granted a waiver when it is in the best interests of the Department.
4.2. Waivers to the Domain Name Policy
Waivers to the Domain Name Policy that are determined to be necessary for the business functions of an agency may be granted under the following conditions:
4.2.1. Waivers for second level .GOV domain names not using the ‘HHS.GOV’ format (e.g. topic.GOV)
4.2.2. Waivers for new non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.) approved by the Secretary
4.2.3. Waivers for existing non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.)
Existing, non-.GOV domain names in use when this policy is implemented must be granted a waiver by the Secretary. As directed by OMB, only the HHS Secretary is authorized to grant waivers for non-.GOV domain names and therefore, new requests for waivers must be submitted for existing non-.GOV domain names. These domain names may continue to operate using the non-.GOV domain name until the Secretary acts on the waiver request.
Waivers remain in effect until the domain name is decommissioned or until revoked by the ASPA and HHS CIO.
4.2.4. Prerequisites for granting non-.GOV domain name waivers (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.)
In general, waivers for the use of non-.GOV domain names may be allowed for:
4.2.5. Domain names excluded from seeking a waiver
Certain organizational .GOV Domain names such as CDC.GOV, FDA.GOV, and NIH.GOV are excluded from seeking a waiver if their domain names were approved and in existence prior to May 1997 (see RFC 2146 www.dotgov.gov/help_rfc2146.aspx). The use of these domain names is allowed to continue until the organization chooses to discontinue its use or until the ASPA and the HHS CIO jointly determine that a business function is no longer served by use of those domains.
4.3 Third Level Domain Names
In the HHS.GOV domain, approval of third level domain names (for example, topic.hhs.gov) and waivers rest with the HHS Web Management Team (WMT) Managers. Requests for third level domain names may be granted for a topical site domain name needed to represent a cross-cutting HHS initiative, program, or significant body of information that crosses HHS agencies/programs; for example, fatherhood.hhs.gov. In addition, approvals may be granted when technologically necessary. Otherwise, the site should be established as a subdirectory of HHS.GOV, for example, hhs.gov/disasters.
In other domains, such as NIH.GOV, the second-level domain owner shall establish a policy for approval of third level domain names that is based on prerequisites as set forth in this section.
4.4 Fourth Level Domain Names in the HHS.GOV Domain
Approval of fourth level .GOV domain names in the HHS.GOV domain (for example, topic.OPDIV.hhs.gov) and waivers rest with the third level domain name owner. Third level domain owners may determine the nature of their respective fourth level domain prerequisites for approval within the guidelines set forth in section 4.3.
4.5 Decommissioned Web Site Domain Names
Domain names of second-level decommissioned .GOV Web Sites are retained by HHS until the beginning of the next fiscal year following the decommissioning or longer if the WMT recommends reserving the domain name for future use. Decommissioned Web sites with active domain names must provide an accessible redirect that explains that the site is no longer available and, if appropriate, directs the user to the most relevant existing content. Domain names in non-.GOV domains, such as alzheimers.org, when replaced by a .GOV domain or decommissioned, shall be retained until such time as any potential inappropriate use by other parties will not reflect unfavorably on HHS.
4.6 Domain Name Registrar and Reporting Requirements
All HHS-sponsored domain names (regardless of top or first-level domain) shall be reported to the HHS Web Management Team upon request (generally, not expected to be requested more than once per year). The HHS Web Management Team shall maintain a master list of all HHS-sponsored domain names and domain name waivers.
Contact information for all .GOV domain names shall be maintained with the GSA .GOV Registrar. For all new and existing HHS-sponsored .GOV domain names registered in GSA’s .GOV domain database, the HHS Web Management Team, as the HHS Hostmaster, shall be the designated Administrative Contact. Each approved HHS-sponsored domain name shall also register designated, business-specific Federal employee(s) who shall be listed as the technical and/or billing contacts.
Each approved HHS-sponsored non-.GOV domain name registered with a domain name registrar other than GSA shall have an appropriate HHS Federal employee designated as its Administrative Contact. The administrative contact for each non-.GOV domain name shall be reported to the HHS Web Management Team annually or upon any change in contact or contact information.
Contractors and other non-government employees may not have authoritative domain name system (DNS) rights to any HHS-owned Domain Name.
5. Roles and Responsibilities
The HHS Secretary, as the HHS executive leader, is responsible for approving waivers for the use of non-.GOV domain names (such as .COM, .ORG, .NET, .EDU, .BIZ, .TV, etc.) as required by the Office of Management and Budget (December 17, 2004 guidance memorandum M-05-04, Policies for Federal Agency Public Websites, pursuant to E-Government Act of 2002, Public Law 107-347, 44 U.S.C. Chapter 36).
HHS Assistant Secretary for Public Affairs (ASPA)
HHS Assistant Secretary for Budget, Technology, and Finance (ASBTF)
HHS Chief Information Officer (CIO)
The HHS Chief Information Officer serves as the Deputy Assistant Secretary for Information Resources Management and is responsible for providing advice and assistance to the Secretary and other senior management personnel. In accordance with Final Management Regulation (FMR) 41 CFR Part 102-173 and RFC 2146, the HHS CIO has the authority to request a waiver to the Federal Internet domain naming convention restrictions at the direction of the HHS Secretary and on behalf of HHS.
HHS Web Management Team Manager(s)
HHS Web Management Team
The HHS Web Management Team is responsible for coordinating and supporting the HHS Web presence.
HHS Domain Name Registrar
The HHS Domain Name Registrar function is implemented by members of the HHS Web Management Team. The HHS Domain Name Registrar function is the focal point for working with the OPDIVs on domain name waivers and the annual inventory of HHS domain names.
OPDIV Chief Public Affairs Officer
OPDIV Chief Information Officer (CIO)
OPDIV Program/Project Managers
The Program/Project Managers who request domain names shall be Federal employees responsible for programs and/or projects which use Web sites to provide information to the public and to constituents.
Administrative Contacts for HHS Non-Government Domain Names
The administrative contacts for all .GOV and other HHS domain names shall be Federal employees.
6. Applicable Laws/Guidance
The following Executive Branch policy is applicable:
Final Management Regulation (FMR) 41 CFR Part 102-173 (http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf)
E-Government Act of 2002 (Public Law 107-347, 44 U.S.C. Chapter 36)
OMB Policy for Federal Agency Public Websites: http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf
7. Information and Assistance
Additional information and assistance can be found at:
Questions, comments, suggestions or requests for further information regarding this policy should be directed to the HHS Web Management Team.
8. Effective Date/Implementation
The effective date of this policy is the date the policy is approved.
The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary's policy statement dated August 7, 1997, as amended, titled "Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations." It is HHS' policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department's plans, projects, programs and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.
Domain Names - On the Web, the domain name is that part of the Uniform Resource Locator (URL) that tells a domain name server using the domain name system (DNS) whether and where to forward a request for a Web page. The domain name is mapped to an Internet Protocol (IP) address (which represents a physical point on the Internet).
To more clearly explain Domain names the following example is offered:
“.gov” = Top-level, or first-level domain name
HHS Owned Domain Names - Domain names registered under HHS or any of its Agencies are considered “owned” by HHS, including those registered by contractors and paid for with HHS funds.
HHS Sponsored Domain Names - Domain names hosted, maintained, and/or subsidized by HHS or any of its Agencies are considered “sponsored” or “operated on behalf of” HHS.
Web Site - A Web site is a collection of Web files on a particular subject that includes a beginning file called a home page.