AGENCY:

Office of Information Integrity and Access, Office of Government-wide Policy (OGP), General Services Administration (GSA).

ACTION:

Final rule.

SUMMARY:

This final rule adopts without changes the interim rule published January 10, 2022, which implemented provisions of the DOTGOV Online Trust in Government Act of 2020 (“DOTGOV”) applicable to GSA that transfer ownership, management and operation of the DotGov Domain Program from the General Services Administration (GSA) to the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). In the interim rule, GSA removed provisions to the existing jurisdiction of the DotGov domain program that had been delegated to the General Services Administration in 1997.

DATES:

Effective: July 26, 2022.

Applicability Date: As of July 26, 2022, this final rule applies to all newly issued, already in operation, and/or renewed domains.

FOR FURTHER INFORMATION CONTACT:

For clarification of content, contact Ms. Marina Fox, Office of Government-wide Policy, Office of Information, Integrity, and Access, at 202-253-6448, or by email at marina.fox@gsa.gov. For information pertaining to the status or publication schedules, contact the Regulatory Secretariat Division at 202-501-4755 or GSARegSec@gsa.gov. Please cite FMR Case 2021-02.

SUPPLEMENTARY INFORMATION:

I. Background

For more than 20 years, GSA supported government organizations and worked to make the DotGov domain a trusted space. The DotGov domain exists so that the online services of bona fide U.S.-based government organizations are easy to identify on the internet. Increasing the use of the DotGov domain helps the public know where to find official government information. DotGov is critical infrastructure: it is central to the availability and integrity of thousands of online services relied upon by millions of users. Since the DotGov domain underpins communication with and within these institutions, cybersecurity significance of all aspects of DotGov's administration has been increasing rapidly. To provide additional cybersecurity support and expand DotGov domain usage among public entities, the DOTGOV was introduced in the U.S. Senate on October 30, 2019, directing GSA to transfer the DotGov program to CISA.

On December 27, 2020, the DOTGOV was signed into law and enacted as part of the Consolidated Appropriations Act, 2021 (Pub. L. 116-260). The Act transfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102-173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102-173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.

On April 26, 2021, GSA transferred ownership, management and operation of DotGov Domain Program to the Department of Homeland Security (DHS), CISA, and CISA published new DotGov domain issuance guidance for government entities in place of the existing INTERNET GOV DOMAIN requirements in part 102-173 of title 41, Code of Federal Regulations.

Beginning on January 10, 2022, GSA sought public comments on these actions for a period of 60 days through publication of an interim rule in the Federal Register (FMR Case 2021-02) at 87 FR 1080. GSA received one general comment, which was in support of the FMR Case 2021-02.

This final rule removes provisions to the existing jurisdiction of the DotGov domain that had been delegated to GSA in 1997 and implements provisions of the DOTGOV applicable to GSA that transfer ownership, management and operation of the DotGov domain program from the GSA to DHS CISA.

DotGov Program History

The DotGov program was created in 1997, and GSA OGP became the designated authority for the top level Domain “DOT GOV” registry and registrar and the subdomain registrar for FED.US by a delegation of the National Science Foundation through consensus of the Federal Networking Council and Department of Commerce on October 1, 1997. To provide additional support, GSA entered into an agreement with the Department of the Interior's Bureau of Indian Affairs to facilitate the registration of Native Sovereign Nations (NSNs) in the DotGov domain. In 2003, GSA began using the Intergovernmental Cooperation Act (IGCA) as the authority to provide services to U.S. state and Start Printed Page 44280 local governments, and began issuing DotGov domains to state and local government entities.

Under GSA's DotGov program management and operations, domain registrations were approved based on established criteria, detailed in Federal Networking Council request for comments (RFC) 2146, May 1997 and in the Code of Federal Regulations—41 CFR part 102-173. GSA's management of the DotGov program also included DotGov DNS Security (DNSSEC), which gives DNS queries origin authenticity and data integrity. This was accomplished by the inclusion of public keys and the use of digital signatures to DNS information. DNSSEC was deployed on the top level Gov domain root zone in January 2008 in accordance with OMB Memorandum M-08-23.

II. Discussion of the Final Rule

A. Summary of Significant Changes

No significant changes.

B. Analysis of Public Comments

The interim rule was published in the Federal Register on January 10, 2022 at 87 FR 1080. One comment was received and was in support of the interim rule.

C. Expected Cost Impact to the Public

There is no expected cost to the public from this rule.

III. Executive Orders 12866 and 13563

Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This is not a significant regulatory action and, therefore, was not subject to review under section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993.

III. Congressional Review Act

This rule is not a major rule under 5 U.S.C. 804(2). Subtitle E of the Small Business Regulatory Enforcement Fairness Act of 1996 (codified at 5 U.S.C. 801-808), also known as the Congressional Review Act or CRA, generally provides that before a rule may take effect, the agency promulgating the rule must submit a rule report, which includes a copy of the rule, to each House of the Congress and to the Comptroller General of the United States. GSA will submit a report containing this rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States.

IV. Regulatory Flexibility Act

This final rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because it applies to agency management or personnel. Therefore, an Initial Regulatory Flexibility Analysis has not been performed.

V. Paperwork Reduction Act

The Paperwork Reduction Act does not apply because the changes to the FMR do not impose recordkeeping or information collection requirements, or the collection of information from offerors, contractors, or members of the public that require the approval of the Office of Management and Budget (OMB) under 44 U.S.C. 3501, et seq.

List of Subjects in 41 CFR Part 102-173

• Government property management internet Gov Domain

PART 102-173—[REMOVED]

For the reasons set forth in the preamble, and under the authority of the DOTGOV Online Trust in Government Act of 2020 (Title IX, Division U, H.R. 133, Consolidated Appropriations Act, 2021), GSA adopts the interim rule removing 41 CFR part 102-173, which published at 87 FR 1080 on January 10, 2022, as final without changes.