Domain Security: Proper .Gov Usage & DNSSEC

.Gov Domain Requirements

The .gov top-level domain is reserved exclusively for U.S. government entities. CISA manages the .gov domain registry and sets strict requirements for its use.

Proper .Gov Usage

• Official Use Only: .gov domains must be used exclusively for official government business
• CISA Compliance: All .gov domains must comply with CISA security requirements
• Documentation: Proper documentation of domain ownership and usage is mandatory
• Regular Audits: CISA conducts audits to ensure compliance

DNSSEC: DNS Security Extensions

DNSSEC (DNS Security Extensions) is a critical security protocol that protects against DNS spoofing and cache poisoning attacks. Without DNSSEC, attackers can redirect your domain to malicious sites.

DNSSEC Requirements

• DNSKEY Records: Cryptographic keys must be properly configured
• RRSIG Records: Digital signatures for DNS records
• DS Records: Delegation Signer records at the parent domain
• Key Management: Regular key rotation and secure key storage
• Monitoring: Continuous monitoring of DNSSEC status

DNS Management Best Practices

• Secure DNS Servers: DNS servers must be properly secured and monitored
• Access Control: Strict access controls for DNS management
• Change Documentation: All DNS changes must be documented
• Backup DNS: Redundant DNS servers for availability
• Regular Audits: Regular audits of DNS configuration

Liability & Compliance

Failure to properly secure your domain exposes your agency to:

• Civil liability from citizens affected by attacks
• Criminal charges for negligence
• Insurance claim denials
• Federal sanctions and funding cuts
• Loss of public trust