 |
|
|
|
|
|
|
|
|
 |
|
Domain NamesJanuary 8, 2001HHS-IRM-2000-0008 TABLE OF CONTENTS1. Purpose This document establishes the policies and responsibilities for acquiring and approving HHS Domain Names that represent the Department of Health and Human Services (HHS) and its Agencies on the Internet.
2. Background In May 1997, the General Services Administration (GSA) issued Request for Comments (RFC) 2146, which described the registration policies for the top-level domain ".GOV". The purpose of RFC 2146 was to establish a single identifiable Internet name for each US Federal government agency. RFC 2146 restricts Domain Name registration to coincide with the approved structure of the US government, as listed in the document "Codes for the Identification of Federal and Federally Assisted Organizations," FIPS 95-1 (or its successor). RFC 2146 provides for waivers to this restriction to be granted based upon the advice of the agency Chief Information Officer.
3. Scope This policy applies to all Departmental (Operating Division and Staff Division) Domain Names in all zones, whether owned and operated by HHS, or operated on behalf of HHS.
4. Policy In accordance with Request for Comments (RFC) 2146, the Registration Policy for Domain Names representing the U.S. Department of Health and Human Services and its Agencies shall follow the normal Internet naming convention for US Federal agencies of .GOV and HHS, that is: HHS.GOV. Exceptions to this policy shall be based on need reflecting major or special a) initiatives, b) mission, c) program activity, or d) communication initiatives. The OPDIV CIO and the OPDIV Public Affairs Head signatures are required for any Second-Level Domain Names. A waiver shall be requested by the OPDIV CIO and forwarded to the Deputy Assistant Secretary for Information Resources Management (DASIRM). A HHS OPDIV/StaffDiv/Center shall use .GOV as the Domain Name. If existing non-government Domain Names (e.g., .ORG, .COM, .NET) are in use, they must be registered with the DASIRM annually and granted a waiver from the DASIRM. A waiver from the DASIRM must be obtained prior to registration of any non-government Domain Names. Use of these names is discouraged. No personal surnames shall be used in Domain Names unless approved by the Cabinet-level official. In choosing Second-Level Domain Names, it is up to the submitting organization to verify that the name is available, and that the name chosen will reflect favorably on the Department and its Agencies. Final approval of a HHS Domain Name rests solely with the DASIRM. Pre-existing .GOV Domain Names, such as CDC.GOV, FDA.GOV and NIH.GOV, are exempt per RFC 2146. Existing non-government Domain Names owned or sponsored by HHS or its Agencies prior to the date of this policy are grand-fathered if a .GOV Domain Name also pre-exists. All HHS sponsored Domain Names (regardless of First Level Name) shall be reported to the HHS Domain Name Registrar annually. A master list of all Domain Names shall be maintained by the HHS Office of Information Resources Management. The HHS Domain Name Registrar shall be designated the Administrative Contact for all new Domain Names owned or sponsored by the Department ending in .GOV. Exceptions to this rule for non-government Domain Names will be granted provided that they are reported annually to the DASIRM, or designee. Each non-government Domain Name exception shall have an appropriate HHS employee designated as its Administrative Contact. That Administrative Contact shall immediately report any security breaches at the time of the breach to the DASIRM, or designee, and the appropriate Agency Information Systems Security Officer(s) (ISSOs). When a OPDIV/StaffDiv/Center requests a .GOV Domain Name, the organization may register comparable Domain Names, e.g., .ORG, .COM, or .NET in order to block other organizations or individuals from registering a similar name. 5. Roles and Responsibilities The HHS Chief Information Officer (CIO) The CIO is responsible for providing advice and assistance to the Secretary and other senior management personnel. In accordance to RFC 2146, the CIO may request a waiver to the outlined Internet Domain Naming convention restrictions. (This responsibility has been designated to the Deputy Assistant Secretary for Information Resources Management.) The Deputy Assistant Secretary for Information Resources Management (DASIRM) The DASIRM shall request from, and communicate with, GSA concerning HHS exceptions to RFC 2146. The DASIRM shall approve all Domain Names. The DASIRM shall designate the HHS Domain Name Registrar. The HHS Domain Name Registrar shall be a Federal employee. The HHS Domain Name Registrar is the focal point for working with the OPDIVs/StaffDivs/ Centers on exceptions to RFC 2146. The HHS Domain Name Registrar shall be the Administrative Contact for all new Domain Names owned or sponsored by the Department ending in .GOV. The HHS Domain Name Registrar shall maintain a master list of all HHS Domain Names. The HHS Domain Name Registrar, upon being alerted, shall immediately report any security breaches to the HHS DASIRM, or designee, and the appropriate Agency Information Systems Security Officer(s) (ISSOs). The OPDIV Chief Information Officer (CIO) and the OPDIV Public Affairs Heads The OPDIV CIOs and the OPDIV Public Affairs Heads shall sign requests for waivers to RFC 2146. The OPDIV CIOs shall submit the waiver requests to the DASIRM. The OPDIV CIOs and/or OPDIV/StaffDiv/Center Program/Project Managers The OPDIV CIOs and/or the OPDIV/StaffDiv/Center Program/Project Managers shall be responsible for reporting all HHS Domain Names to the HHS Domain Name Registrar annually, and for reporting each new Domain Name when it is requested. The submitting organization is responsible for verifying that a chosen Domain Name is available and that it reflects favorably on the Department and its Agencies. The OPDIV CIOs and/or OPDIV/StaffDiv/Center Program/Project Managers shall designate an appropriate HHS employee as the Administrative Contact for non-government Domain Names receiving an exception. Designated Administrative Contacts for HHS Non-Government Domain Names The Designated Administrative Contacts shall annually register non-government Domain Names with the DASIRM. The Designated Administrative Contacts shall immediately report any security breaches at the time of the breach to the DASIRM, or designee, and the appropriate Agency Information Systems Security Officer(s) (ISSOs). 6. Applicable Laws/Guidance The following Executive Branch policy is applicable: RFC 2146 titled "U.S. Government Internet Domain Names" 7. Information and Assistance Direct questions, comments, suggestions or requests for further information to the HHS Deputy Assistant Secretary for Information Resources Management, (202) 690-6162. 8. Effective Date/Implementation The effective date of this policy is the date the policy is approved. The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary's policy statement dated August 7, 1997, as amended, titled "Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations." It is HHS' policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department's plans, projects, programs and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people. 9. Approved ___/s/__________________________________ ___01/08/01___ John J. Callahan Glossary Domain Names - On the Web, the domain name is that part of the Uniform Resource Locator (URL) that tells a domain name server using the domain name system (DNS) whether and where to forward a request for a Web page. The domain name is mapped to an IP address (which represents a physical point on the Internet). To more clearly explain Domain Names the following example is offered: deainfo.nci.nih.gov/advisory/boards.htm ".gov" = Top-Level, or First-Level Domain Name ".nih.gov" = Second-Level Domain Name "nci.nih.gov" = Third-Level Domain Name "deainfo.nci.nih.gov" = Fourth-Level Domain Name "/advisory/boards.htm" = subdirectory and file (web page). Not part of the Domain Name HHS Owned Domain Names - Domain Names registered under HHS or any of its Agencies are considered "owned" by HHS. HHS Sponsored Domain Names - Domain Names hosted, maintained, and/or subsidized by HHS or any of its Agencies are considered "sponsored" or "operated on behalf of" HHS. Web Site - A Web Site is a collection of Web files on a particular subject that includes a beginning file called a home page.
|
Last revised: January 8, 2001
 |