AGENCY:

Office of Information Integrity and Access, Office of Government-wide Policy (OGP), General Services Administration (GSA).

ACTION:

Interim rule.

SUMMARY:

This interim rule implements certain provisions of the DOTGOV Act of 2020 applicable to GSA, which was enacted as part of the Consolidated Appropriations Act, 2021. It removes provisions to the existing jurisdiction of the DOTGOV domain that had been delegated to the General Services Administration in 1997 by the Federal Networking Council with guidance in the form of internet Engineering Task Force (IETF) Informational RFC 2146, which was further expanded to include State, local, or territorial government entities in 2003 by the Intergovernmental Cooperation Act (IGCA). This interim rule implements provisions of the DOTGOV Act of 2020 that transfer ownership, management and operation of the DotGov Domain Program from the General Services Administration (GSA) to the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

DATES:

Effective date: January 10, 2022.

Applicability Date: As of January 10, 2022, this interim rule applies to all newly issued, already in operation, and/or renewed .gov domains.

Comment Date: Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before March 11, 2022 to be considered in the formation of the final rule.

FOR FURTHER INFORMATION CONTACT:

For clarification of content, contact Ms. Marina Fox, Office of Government-wide Policy, Office of Information, Integrity, and Access, at 202-253-6448, or by email at marina.fox@gsa.gov. For information pertaining to the status or publication schedules, contact the Regulatory Secretariat Division at 202-501-4755 or GSARegSec@gsa.gov. Please cite FMR Case 2021-02.

SUPPLEMENTARY INFORMATION:

Inspection of Public Comments: Comments received before the close of the comment period are available for viewing by the public, including any personally identifiable or confidential business information that is included in a comment. We post comments received before the close of the comment period on the following website as soon as possible after they have been received: https://regulations.gov. Follow the search instructions on that website to view public comments.

I. Background

For more than 20 years, GSA supported government organizations and worked to make .gov a trusted space.gov domain exists so that the online services of bona fide U.S.-based government organizations are easy to identify on the internet. Increasing and normalizing .gov use helps the public know where to find official government information. .gov is critical infrastructure: It's central to the availability and integrity of thousands of online services relied upon by millions of users. Since the .gov domain underpins communication with and within these institutions, cybersecurity significance of all aspects of .gov's administration has been increasing rapidly. To provide additional cybersecurity support and expand .gov usage among public entities, the DOTGOV Act of 2020 (or the DOTGOV Act of 2019) was introduced in the U.S. Senate on October 30, 2019, directing GSA to transfer the DotGov program to CISA.

On December 27, 2020, the DOTGOV Act of 2020 was signed into law and enacted as part of the Consolidated Appropriations Act, 2021 (Pub. L. 116-260). The Act transfers the DotGov (.gov) internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102-173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a .gov internet domain. Finally, the Act orders that in place of the requirements in part 102-173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), establishes and publishes a new set of requirements for the registration and operation of .gov domains.

On April 26, 2021, GSA transferred ownership, management and operation of DotGov Domain Program to the Department of Homeland Security (DHS), CISA, and CISA published new .gov domain issuance guidance for government entities in place of the existing INTERNET GOV DOMAIN requirements in FMR. To comply with the DOTGOV Online Trust in Government Act of 2020 (Title IX, Division U, H.R. 133, Consolidated Appropriations Act, 2021), GSA is amending the Federal Management Regulation to remove all requirements in part 102-173 “INTERNET GOV DOMAIN”.

DotGov Program History

The DotGov program was created in 1997, and GSA OGP became the designated authority for the top level Domain “DOT GOV” registry and registrar and the subdomain registrar for FED.US by a delegation of the National Science Foundation through consensus of the Federal Networking Council and Department of Commerce on October 1, 1997. To provide additional support, GSA entered into an agreement with the Department of the Interior's Bureau of Indian Affairs to facilitate the registration of Native Sovereign Nations (NSNs) in the dot-gov domain. In 2003, GSA began using the Intergovernmental Cooperation Act (IGCA) as the authority to provide services to U.S. state and local governments, and began issuing Start Printed Page 1081 .gov domains to state and local government entities.

Under GSA's DotGov program management and operations, domain registrations were approved based on established criteria, detailed in Federal Networking Council request for comments (RFC) 2146, May 1997 and in the Code of Federal Regulations—41 CFR Part 102-173. GSA's management of the DotGov program also included DotGov DNS Security (DNSSEC), which gives DNS queries origin authenticity and data integrity. This was accomplished by the inclusion of public keys and the use of digital signatures to DNS information. DNSSEC was deployed on the top level Gov domain root zone in January 2008 in accordance with OMB Memorandum M-08-23.

II. Executive Orders 12866 and 13563

Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This is not a significant regulatory action and, therefore, was not subject to review under section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993.

III. Congressional Review Act

This rule is not a major rule under 5 U.S.C. 804(2). Subtitle E of the Small Business Regulatory Enforcement Fairness Act of 1996 (codified at 5 U.S.C. 801-808), also known as the Congressional Review Act or CRA, generally provides that before a rule may take effect, the agency promulgating the rule must submit a rule report, which includes a copy of the rule, to each House of the Congress and to the Comptroller General of the United States. GSA will submit a report containing this rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States. A major rule under the CRA cannot take effect until 60 days after it is published in the Federal Register . OIRA has determined that this is not a “major rule” as defined by 5 U.S.C. 804(2).

IV. Regulatory Flexibility Act

This interim rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because it applies to agency management or personnel. Therefore, an Initial Regulatory Flexibility Analysis has not been performed.

V. Paperwork Reduction Act

The Paperwork Reduction Act does not apply because the changes to the FMR do not impose recordkeeping or information collection requirements, or the collection of information from offerors, contractors, or members of the public that require the approval of the Office of Management and Budget (OMB) under 44 U.S.C. 3501, et seq.

VI. Determination To Issue an Interim Rule

As discussed above, Congress mandated through the DOT Gov Online Trust in Government Act that GSA rescind the regulations contained in part 102-173 of title 41, Code of Federal Regulations. As Congress has directed a specific regulator outcome through statute, this constitutes good cause to issue this as an interim rule with comment period.

List of Subjects in 41 CFR Part 102-173

• Government property management; Internet Gov Domain

PART 102-173—[REMOVED]

For the reasons set forth in the preamble, and under the authority of the DOTGOV Online Trust in Government Act of 2020 (Title IX, Division U, H.R. 133, Consolidated Appropriations Act, 2021), GSA removes 41 CFR part 102-173.