ITP-F.1 Registration of Internet Domain Names

Ohio Office of Information Technology Statewide IT Policy 614.644.9352 tel Ted Strickland, Governor Investment and Governance Division 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer 30 East Broad Street, 39th Floor www.ohio.gov/itp Columbus, Ohio 43215 No: ITP-F.1 Effective: State of Ohio IT Policy Registration of Internet Domain Names 08/26/2005 Issued By: Mary F. Carroll Director, Office of Information Technology State Chief Information Officer Published By: Statewide IT Policy Investment and Governance Division 1.0 Purpose This policy provides requirements for how agencies obtain and safeguard certain Internet domain names by establishing naming requirements, and a central registration and tracking process. 2.0 Scope Pursuant to Ohio IT Policy ITP-A.1, “Authority of the State Chief Information Officer to Establish Policy Regarding the Acquisition and Use of Computer and Telecommunications Products and Services,” this state policy applies to every organized body, office, or agency established by the laws of the state for the exercise of any function of state government except for those specifically exempted. The scope of this information technology policy includes state computer and telecommunications systems and the employees, contractors, temporary personnel and other agents of the state who use and administer such systems. 3.0 Background Given the increased commitment to providing online services and information to citizens by the State of Ohio, this state policy is intended to provide a common, consistent statewide approach for obtaining and registering Web site domain names. For an agency to have its own server accessible from the Internet, it must have an Internet protocol address and a unique domain name. At a minimum, a domain name consists of at least two levels – a top level domain (TLD) and a second level domain (SLD). Each identified level within a domain name is separated by a period (commonly called a “dot”). Examples of Internet domain names that use this typical naming hierarchy include: www.ohio.gov www.ibm.com www.redcross.org An Equal Opportunity Employer and Provider of ADA Services STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES In the above examples, “gov,” “com,” and “org” are top level domains and “ohio,” “ibm,” and “redcross” are second level domains. Note that each level is separated by a dot. The TLD is intended to describe a broad category of similar types of Web sites, such as “gov” for government sites, “com” for commercial sites or “org” for organization sites. The SLD is intended to identify more specifically the content of a particular site within those broad categories. Commonly, a site’s SLD represents the name of the applicable entity, such as “ohio” for the State of Ohio, “ibm” for International Business Machines Corporation, or “redcross” for the American Red Cross. Table 1 below contains a listing of currently approved TLDs. Attachment 1 at the back of this policy provides more detailed descriptions of each of the listed current TLDs. Table 1. Current TLDs TLD .aero Description Restricted for use by the air-transport industry including airlines, airports, and airplane maintenance companies .biz Restricted for use by entities with a commercial or business function Unrestricted TLD intended for commercial use, but which has become a standard .com suffix for various types of Web sites Restricted for use by businesses that operate in compliance with National .coop Co-operative Business Association (NCBA) principles Restricted for use by postsecondary educational institutions that are .edu institutionally accredited. Restricted for use by official governmental organizations in the United States .gov including federal, state, and local governments and native sovereign nations .info Unrestricted TLD for use with sites that provide information .mil Restricted for use by the U.S. military Restricted for use by museums as defined by International Council of Museums .museum (ICOM) statutes .name Unrestricted TLD for use by individuals under their own name .net Unrestricted TLD for use by network providers Unrestricted TLD for organizations that do not meet any other TLD categories, such .org as not-for-profit organizations Restricted for use by accountants, lawyers and physicians with additional .pro professions to be added in the future Unrestricted TLD for use by any United States citizen or resident, as well as any .us business or organization, including federal, state, and local government with a bona fide presence in the United States The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for governing the issuance of top level and second level domain names, with two exceptions. The exceptions are the .gov TLD, which is administered by the General Services Administration (GSA) and the .us TLD, which is administered by NeuStar. The GSA issued a final rule on .gov domain registration for local and state governments and native sovereign nations. The rule outlines .gov naming convention requirements and registration procedures. The rule is designed to assist in developing a .gov naming standard nationally. ITP-F.1 Page 2 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES 4.0 References 4.1 Ohio IT Policy ITP-A.1, “Authority of the State Chief Information Officer to Establish Policy Regarding the Acquisition and Use of Computer and Telecommunications Products and Services,” defines the authority of the state chief information officer to establish State of Ohio information technology policies as they relate to state agencies’ acquisition and use of information technology, including, but not limited to, hardware, software, technology services and security. Title 41 Part 102-173 of the Code of Federal Regulations outlines the authority of the chief information officers of states to determine policy for local governments and state agencies regarding the registration and use of the .gov domain. 4.2 4.3 A glossary of terms found in this policy is located in Section 8.0 – Definitions. The first occurrence of a defined term is bold italics. 5.0 Policy 5.1 Any request for the use of a domain name by an agency shall be submitted to the Ohio Customer Service and Security Center (OCSSC) for approval and registration. Section 6.0 of this policy provides additional guidance on the procedures for requesting domain name registrations from the OCSSC. 5.1.1 For state agency domain names acquired prior to 08/26/2005: 5.1.1.1 Domain names will not be required to comply with the naming requirements outlined in this policy. 5.1.1.2 Domain name registration renewals shall be requested through the OCSSC. 5.1.2 Agencies requesting a .gov domain name shall ensure that they adhere to all of the requirements set forth in Title 41 Part 102-173 of the Code of Federal Regulations and in the GSA .gov Program Guidelines. Examples of such requirements are as follows: 5.1.2.1 The .gov domain shall not be used to advertise for private individuals, firms, or corporations, or imply in any manner that the government endorses or favors any specific commercial product, commodity, or service. The .gov domain shall not be used for campaigning. The .gov Web sites may not be directly linked to or refer to Web sites created or operated by a campaign or any campaign entity or committee. When an external link makes a user leave a .gov Web site, a notification or screen (splash message) should alert users that they are leaving the official .gov page. 5.1.2.2 5.1.2.3 ITP-F.1 Page 3 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES GSA reserves the right to terminate any .gov domain that is not in compliance with the requirements set forth in the GSA .gov Program Guidelines and Title 41 Part 102-173 of the Code of Federal Regulations. 5.1.3 When requesting a .gov domain name, the word “Ohio” shall be included within the second level. Agencies may use the .com and .org TLDs provided agencies reserve the same domain name under both TLDs. Agencies shall avoid the use of spaces and underscores within a domain name. Dashes may be used, except at the beginning or end of a domain name. The OCSSC shall have the authority to require agencies to register additional, similar domains in order to avoid confusion. 5.1.6.1 Agencies that have acquired additional, similar domain names shall identify a primary uniform resource locator (URL) to which visitors to such alternate domain names’ Web sites shall be redirected, and shall ensure that there is content provided at each alternate site. The Web sites of alternate domain names shall be configured so that users do not encounter an invalid page error message. 5.1.4 5.1.5 5.1.6 5.1.7 Agencies shall have a fiduciary responsibility to ensure that any desired domain name, including any additional domain names under alternate TLDs as may be required by the OCSSC, are available for acquisition. At the requesting agency’s direction, the OCSSC shall assist in determining the availability of domain names. If it is determined that it is not feasible to obtain a desired domain name, the requesting agency shall select another. Agencies shall avoid the use of names or acronyms that are associated with, easily confused with, or too similar to those of another agency, organization or entity, or that could be interpreted as disparaging to a group or classification of Ohio residents. The OIT Unified Network Services administrator or his or her designee shall have approval authority when judging whether a requested domain name is too easily associated with that of another entity, or could be considered disparaging. An agency that desires a domain name that does not comply with the requirements of this policy shall request approval for a variance from the OIT Unified Network Services administrator or his or her designee. 5.1.8 5.1.9 5.1.10 Domain names registered with the OCSSC shall be maintained until a request for cancellation is received. Agencies shall have the OCSSC retain a domain name registration for a minimum of 12 months after a web service has been discontinued or migrated to another domain name. During this 12month period, a notice with the new web address or a notice of service discontinuation shall be posted at the Web site of the domain name to be canceled. ITP-F.1 Page 4 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES 5.1.11 OIT Unified Network Services shall invoice agencies via a voucher of intrastate payment (VIP) for all costs associated with registration and maintenance of domain names. 6.0 Procedures 6.1 Agencies shall establish a primary and secondary administrative contact for administering domain names. The administrative contact shall request desired domain names by accessing the online Technology Service Request System (TSR) at tsr.ohio.gov and selecting “domain name requests.” For more information about the TSR system, including use and establishment of an administrative contact, visit http://www.oit.ohio.gov/SDD/NetworkServices/tools/ordr.aspx. If there is a change in the primary or secondary administrative contact for administering domain names, then the agency shall notify the OCSSC of the change as soon as possible. 6.2 The administrative contact shall be responsible for providing all required information on the TSR domain name request form. Agencies desiring a variance to the requirements of this policy shall include a justification statement for the variance with their domain name request on the TSR system. The OIT Unified Network Services administrator or his/her designee will approve or deny the variance request. Upon receiving a complete domain name request form, the OCSSC shall register the requested domain name with an approved registering authority under all applicable TLDs. 6.4.1 Prior to completing the registration process, the OCSSC will ensure that there are no conflicts regarding ownership of a desired domain name or names. The administrative contact will be notified if any such conflicts are discovered and the OCSSC will work with the administrative contact to determine an appropriate resolution. 6.3 6.4 6.5 Upon successfully registering a requested domain name, the OCSSC shall notify the administrative contact. To cancel a domain name, the administrative contact shall access the TSR system at tsr.ohio.gov and select “remove” from the menu on the domain name request form. OIT Unified Network Services shall invoice the requesting agency via a VIP for all costs associated with registering and maintaining a domain name. 6.6 6.7 ITP-F.1 Page 5 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES 7.0 Revision History Date 08/26/2005 08/26/2010 Description of Change Original Policy Scheduled policy review. 8.0 Definitions 8.1 Domain Name. A domain name is used to locate computers on the Internet and to allow users to reach Web sites. Each domain name has at least two components, the top level domain name and the secondary level domain name. Structurally, TLDs and SLDs are combined to create a domain name address: www.secondlevel.toplevel. Internet. A worldwide system of computer networks - a network of networks - in which computer users can get information and access services from other computers. The Internet is generally considered to be public, un-trusted and outside the boundary of the state of Ohio enterprise network. Internet Protocol Address. Also called an “IP address”, a unique number assigned by an Internet authority that identifies a computer on the Internet. The number consists of four groups of numbers between 0 and 255, separated by periods (dots). For example, 195.112.56.75 is an IP address 1 . Second Level Domain. The second level domain or SLD is the next highest level of the hierarchy after the top level domain. SLDs are typically selected to relate to specific information or services offered or to identify the organization providing the information. Structurally, TLDs and SLDs are combined to create a domain name address: www.secondlevel.toplevel. Technology Service Request System (TSR). The Technology Service Request System (TSR) is an online system for requesting telecommunications technology services such as digital private lines, local and/or long distance services, voicemail, Internet access and firewall services. These requests are submitted to the Office of Information Technology online. Top Level Domain. The top level domain is the basic component of a domain name address. Some examples of TLD domains are .com, .gov and .us. See attachment 1 for a full listing of top level domains and an associated explanation. Uniform Resource Locator. The character string or Web address that identifies an Internet document’s exact name and location. 2 8.2 8.3 8.4 8.5 8.6 8.7 1 “IP address.” Def. The Gartner Glossary of Information Technology Acronyms and Terms. Ed. Carl Richmond. 4th ed. Stamford: Gartner Direct Products, 2000. 2 “URL.” Def. Gartner Glossary. ITP-F.1 Page 6 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES 9.0 Related Resources Document Name General Services Administration Final Rule – 41 CFR Part 102-173 http://www.dotgov.gov/final_rule_102.aspx General Services Administration .gov Program Guidelines http://www.dotgov.gov/program_guidelines.aspx Internet Corporation for Assigned Names and Numbers (ICANN) Web site http://www.icann.com NeuStar Web site http://www.neustar.com 10.0 Inquiries Direct inquiries about domain name registration and maintenance to: Ohio Customer Service and Security Center Unified Network Services Ohio Office of Information Technology 1320 Arthur E. Adams Drive, 1st Floor Columbus, Ohio 43221-3595 Telephone: Telephone: Facsimile: E-mail: 614-644-0701 (within Columbus area) 800-644-0701 (outside Columbus area) 614-644-3349 OCSSC@oit.ohio.gov Direct inquiries about this policy to: Statewide IT Policy Investment and Governance Division Ohio Office of Information Technology 30 East Broad Street, 39th Floor Columbus, Ohio 43215 Telephone: Facsimile: E-mail: 614-644-9352 614-644-9152 State.ITPolicy.Manager@oit.ohio.gov Ohio IT Policy can be found on the Internet at: www.ohio.gov/itp. 11.0 Attachments 11.1 Attachment 1 – Description of Current Top Level Domains. This document includes a listing of top level domains and their associated definitions. ITP-F.1 Page 7 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES Attachment 1 Description of Current Top Level Domains .aero The .aero suffix is a restricted TLD for use by the aviation community, including airlines, airports, airfreight operators, aerospace manufacturers, air traffic services and related industry and government bodies. Applicants for domain names with the .aero suffix are approved by Societe Internationale de Telecommunications Aeronautiques SC (SITA) approved registration authorities. For more information regarding the .aero TLD, including implementation criteria, visit www.sita.aero. The .biz suffix is restricted for use to entities with business and commercial purposes. Registrants are required to submit a description of the business process or purpose of Web sites registered under the .biz TLD. For more information regarding the .biz TLD, including implementation criteria, visit www.neulevel.biz. The .com TLD was originally intended for use by commercial entities. However, the .com TLD was designated as unrestricted, meaning anyone for any purpose may apply for a domain name using the .com suffix. As the .com suffix has gained popularity among Internet Web sites, it has lost its unique standing as an identifier of commercial sites. In recognition of this fact, ICANN adopted the .biz TLD to identify commercial sites in the future. The .com Web sites are likely to remain popular, as they have developed brand recognition of their own. Applicants for the restricted .coop TLD must operate their businesses in compliance with the established and accepted co-operative principles contained in Article 1.3 of the National Co-operatives Business Association bylaws and International Co-operatives Association constitution, or they must represent a group of organizations or businesses that comply with these guidelines. For more information regarding the coop TLD, including implementation criteria, please visit www.coop. The .edu TLD is intended for postsecondary educational institutions that are institutionally accredited by an agency of the United States Department of Education’s list of nationally recognized accrediting agencies. The .gov TLD is operated by the General Services Administration for the registration of United States Government related domain names. Federal, state, and local governments as well as Native Sovereign Nations are permitted to register under the .gov TLD. These names are being used to promote government services and increase the ease of finding online services. Like the current .com, .org, and .net TLDs, .info is an unrestricted suffix and may be used by anyone. For more information regarding the .info TLD, including implementation criteria, visit www.afilias.com. The .mil TLD is restricted for use by the U.S. military. .biz .com .coop .edu .gov .info .mil ITP-F.1 Page 8 of 9 STATE OF OHIO IT POLICY REGISTRATION OF INTERNET DOMAIN NAMES .museum Use of the .museum TLD is restricted to museums as defined by International Council on Museums statutes. Under these statutes, an entity must be a notfor-profit, permanent institution in the service of society and of its development, and open to the public, which acquires, conserves, researches, communicates and exhibits, for purposes of study, education and enjoyment, material evidence of people and their environment. In addition to institutions designated as museums, the following also qualify as museums: historical, natural, archaeological and ethnographic monuments and sites; botanical and zoological gardens; science centers and planetaria; and, nature reserves. A full listing of organizations that qualify as a museum can be found at www.icom.org. For more information regarding the .museum TLD, including implementation criteria, visit www.musedoma.museum. Use of the .name TLD is unrestricted for individuals wishing to register an Internet domain name under any combination of their personal name, like www.johnsmith.name, www.smithjohn.name or www.jsmith.name. For more information regarding the .name TLD, including implementation criteria, please visit www.nic.name. The .net TLD was originally intended for use by network providers. Similar to the .com and .org suffixes, .net is designated as unrestricted. However, like the .org suffix, .net never gained the popularity of .com domain names. The .org TLD was originally intended for use by organizations that did not fit any of the other TLD categories and therefore, consisted mostly of not-for-profit organizations. Similar to the .com suffix, it was designated as unrestricted. The .org suffix never gained the popularity of the .com suffix, even among not-forprofit organizations. Nevertheless, to avoid potential confusion and embarrassment among Internet users, those who reserved a .com domain name often also reserved the same name under .org. The .pro TLD is not yet operational and will be restricted to professionals. Initial offerings are expected to be limited to the legal, medical and accounting fields. The registering authority will work in cooperation with corresponding professional organizations and ICANN to establish appropriate criteria for domain names to be issued under the .pro TLD. Additional professions may be added. For more information regarding the .pro TLD, including implementation criteria, visit www.nic.pro. The .us TLD allows United States citizens or residents, as well as any business or organization, including federal, state, and local governments to establish an American identity on the Internet with a short, memorable domain name. The .us TLD is the official country code top-level domain for the United States within the global domain name system. .name .net .org .pro .us ITP-F.1 Page 9 of 9