White House looks to shore up public trust in government websites

A White House memorandum issued Wednesday instructs federal agencies to use government domain names for official communications and to make domain names "memorable" for everyday users.

The new memo is designed to bring agencies in compliance with the DOTGOV act, which passed as part of the fiscal year 2021 appropriations package. 

"When people visit a federal website, they should be able to trust that it's an official site," Federal Chief Information Office Clare Martorana said in a tweet announcing the policy guidance. 

The Office of Management and Budget guidance instructed agencies to use "memorable" and succinct domain names that end with the .gov or .mil domain, but provided an exception for non-governmental entities operating third-party services on non-government domain names that are critical for critical public communications. 

The exceptions allow agencies to continue using social media services to communicate with the public, as well as source code collaboration and vulnerability disclosure reporting systems not housed on .gov or .mil domains. Otherwise, OMB said it will review and work to limit all non-government domains, including directing agencies to cease the use of non-government domains if they fail to provide adequate rationale. 

A spokesperson for OMB said in a statement accompanying the guidance that the new requirements "will play a critical role in helping deliver trusted interactions to the American people when they visit official government sites."

The DOTGOV Online Trust in Government Act was designed to streamline the process for federal agencies developing new websites and migrating content to the dot-gov domain. Under the bill, the Cybersecurity and Infrastructure Security Agency took over management of the top-level .gov domain from the General Services Administration. 

A Senate Homeland Security and Governmental Affairs Committee report explaining the legislation noted that the "vast majority" of county and local governments fail to utilize government domains, and noted that online phishing campaigns have previously attempted to impersonate hundreds of local government websites. The report said that utilizing the .gov domain "helps local governments validate their information" for the public.