[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2749 Reported in Senate (RS)]
<DOC>
Calendar No. 401
116th CONGRESS
2d Session
S. 2749
[Report No. 116-192]
To provide requirements for the .gov domain, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
October 30, 2019
Mr. Peters (for himself, Mr. Johnson, Ms. Klobuchar, Mr. Lankford, Ms.
Hassan, and Mr. Blunt) introduced the following bill; which was read
twice and referred to the Committee on Homeland Security and
Governmental Affairs
January 6, 2020
Reported by Mr. Johnson, with amendments
[Omit the part struck through and insert the part printed in italic]
_______________________________________________________________________
A BILL
To provide requirements for the .gov domain, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``DOTGOV Online Trust in Government
Act of 2019'' or the ``DOTGOV Act of 2019''.
SEC. 2. FINDINGS.
Congress finds that--
(1) the .gov internet domain reflects the work of United
States innovators in inventing the internet and the role that
the Federal Government played in guiding the development and
success of the early internet;
(2) the .gov internet domain is a unique resource of the
United States that reflects the history of innovation and
global leadership of the United States;
(3) when online public services and official communications
from any level and branch of government use the .gov domain,
they are easily recognized as official and difficult to
impersonate;
(4) the citizens of the United States deserve online public
services that are safe, recognizable, and trustworthy;
(5) the .gov internet domain should be available at no cost
or a negligible cost to any Federal, State, local, or
territorial government-operated or publicly controlled entity,
including any Tribal government recognized by the Federal
Government or a State government, for use in their official
services, operations, and communications;
(6) the .gov internet domain provides a critical service to
those Federal, State, local, Tribal, and territorial
governments; and
(7) the .gov internet domain should be operated
transparently and in the spirit of public accessibility,
privacy, and security.
SEC. 3. DEFINITIONS.
In this Act--
(1) the term ``Administrator'' means the Administrator of
General Services;
(2) the term ``Director'' means the Director of the
Cybersecurity and Infrastructure Security Agency;
(3) the term ``online service'' means any internet-facing
service, including a website, email, a virtual private network,
or a custom application; and
(4) the term ``State'' means any State of the United
States, the District of Columbia, the Commonwealth of Puerto
Rico, the Virgin Islands, Guam, American Samoa, the
Commonwealth of the Northern Mariana Islands, and any
possession of the United States.
SEC. 4. DUTIES OF DEPARTMENT OF HOMELAND SECURITY.
(a) Purpose.--The purpose of the .gov internet domain program is
to--
(1) legitimize and enhance public trust in government
entities and their online services;
(2) facilitate trusted electronic communication and
connections to and from government entities;
(3) provide simple and secure registration of .gov internet
domains;
(4) improve the security of the services hosted within
these domains, and of the .gov namespace in general; and
(5) enable the discoverability of government services to
the public and to domain registrants.
(b) Duties and Authorities Relating to the .gov Domain.--
(1) In general.--Subtitle A of title XXII of the Homeland
Security Act (6 U.S.C. 651 et seq.) is amended--
(A) in section 2202(c) (6 U.S.C. 652(c))--
(i) in paragraph (10), by striking ``and''
at the end;
(ii) by redesignating paragraph (11) as
paragraph (12); and
(iii) by inserting after paragraph (10) the
following:
``(11) carry out the duties and authorities relating to the
.gov domain, as described in section 2215; and''; and
(B) by adding at the end the following:
``SEC. 2215. DUTIES AND AUTHORITIES RELATING TO .GOV DOMAIN.
``(a) Availability of .gov Domain.--The Director shall make .gov
domain name registration services, as well as any supporting services
described in subsection (c), generally available--
``(1) to any Federal, State, local, or territorial
government entity, or other publicly controlled entity,
including any Tribal government recognized by the Federal
Government or a State government, that complies with the
policies requirements for registration developed by the
Director as described in subsection (b);
``(2) without conditioning registration on the sharing of
any information with the Director or any other Federal entity,
other than the information required to meet the policies
requirements described in subsection (b); and
``(3) without conditioning registration on participation in
any separate service offered by the Director or any other
Federal entity.
``(b) Requirements.--The Director, in consultation with the
Director of the Office of Management and Budget, shall establish and
publish on a publicly available website requirements for the
registration and operation of .gov domains sufficient to--
``(1) minimize the risk of .gov domains whose names could
mislead or confuse users;
``(2) establish that .gov domains may not be used for
commercial or campaign purposes;
``(3) ensure that domains are registered and maintained
only by authorized individuals; and
``(4) limit the sharing or use of any information obtained
through the administration of the .gov domain with any other
Department of Homeland Security component or any other agency
of the Federal Government for any purpose other than the
administration of the .gov domain, the services described in
subsection (c), and the requirements for establishing a .gov
inventory described in subsection (f).
``(c) Supporting Services.--
``(1) In general.--The Director may provide services to the
entities described in subsection (a)(1) specifically intended
to support the security, privacy, reliability, accessibility,
and speed of registered .gov domains.
``(2) Rule of construction.--Nothing in this paragraph (1)
shall be construed to--
``(A) limit other authorities of the Director to
provide services or technical assistance to an entity
described in subsection (a)(1); or
``(B) establish new authority for services other
than those the purpose of which expressly supports the
operation of .gov domains and the needs of .gov domain
registrants.
<DELETED> ``(d) Fees.--The Director may provide any service relating
to the availability of the .gov internet domain program, including .gov
domain name registration services and supporting services described in
subsection (c), to entities described in subsection (a)(1) with or
without reimbursement.</DELETED>
``(d) Fees.--
``(1) In general.--The Director may provide any service
relating to the availability of the .gov internet domain
program, including .gov domain name registration services
described in subsection (a) and supporting services described
in subsection (c), to entities described in subsection (a)(1)
with or without reimbursement.
``(2) Limitation.--The total fees collected for new .gov
domain registrants or annual renewals of .gov domains shall not
exceed the direct operational expenses of maintaining the .gov
internet domain.
``(e) Consultation.--The Director shall consult with the Director
of the Office of Management and Budget, the Administrator of General
Services, other civilian Federal agencies as appropriate, and entities
representing State, local, Tribal, or territorial governments in
developing the strategic direction of the .gov domain and in developing
the policies required establishing requirements under subsection (b),
in particular on matters of privacy, accessibility, transparency, and
technology modernization.
``(f) .gov Inventory.--
``(1) In general.--The Director shall, on a continuous
basis--
``(A) inventory all hostnames and services in
active use within the .gov domain; and
``(B) provide the data described in subparagraph
(A) to domain registrants at no cost.
``(2) Requirements.--In carrying out paragraph (1)--
``(A) data may be collected through analysis of
public and non-public sources, including commercial
data sets;
``(B) the Director shall share with Federal and
non-Federal domain registrants all unique hostnames and
services discovered within the zone of their registered
domain;
``(C) the Director shall share any data or
information collected or used in the management of the
.gov domain name registration services relating to
Federal executive branch registrants with the Director
of the Office of Management and Budget for the purpose
of fulfilling the duties of the Director of the Office
of Management and Budget under section 3553 of title
44, United States Code;
``(D) the Director shall publish on a publicly
available website discovered hostnames that describe
publicly accessible Federal agency websites, to the
extent consistent with the security of Federal
information systems but with the presumption of
disclosure;
``(E) the Director may publish on a publicly
available website any analysis conducted and data
collected relating to compliance with Federal mandates
and industry best practices, to the extent consistent
with the security of Federal information systems but
with the presumption of disclosure; and
``(F) the Director shall--
``(i) collect information on the use of
non-.gov domain suffixes by Federal agencies
for their official online services;
``(ii) collect information on the use of
non-.gov domain suffixes by State, local,
Tribal, and territorial governments; and
``(iii) publish the information collected
under clause (i) on a publicly available
website.
``(3) Strategy.--Not later than 180 days after the date of
enactment of this Act section, the Director shall develop and
submit to the Committee on Homeland Security and Governmental
Affairs and the Committee on Rules and Administration of the
Senate and the Committee on Homeland Security and the Committee
on House Administration of the House of Representatives a
strategy to utilize the information collected under this
subsection for countering malicious cyber activity.''.
(2) Additional duties.--
(A) Outreach strategy.--Not later than 1 year after
the date of enactment of this Act, the Director, in
consultation with the Administrator and entities
representing State, local, Tribal, or territorial
governments, shall develop and submit to the Committee
on Homeland Security and Governmental Affairs and the
Committee on Rules and Administration of the Senate and
the Committee on Homeland Security and the Committee on
House Administration of the House of Representatives an
outreach strategy to local, Tribal, and territorial
governments and other publicly controlled entities as
determined by the Director to inform and support
migration to the .gov domain, which shall include--
(i) stakeholder engagement plans; and
(ii) information on how migrating
information technology systems to the .gov
domain is beneficial to that entity, including
benefits relating to cybersecurity and the
supporting services offered by the Federal
Government.
(B) Reference guide.--Not later than 1 year after
the date of enactment of this Act, the Director, in
consultation with the Administrator and entities
representing State, local, Tribal, or territorial
governments, shall develop and publish on a publicly
available website a reference guide for migrating
online services to the .gov domain, which shall
include--
(i) process and technical information on
how to carry out a migration of common
categories of online services, such as web and
email services;
(ii) best practices for cybersecurity
pertaining to registration and operation of a
.gov domain; and
(iii) references to contract vehicles and
other private sector resources vetted by the
Director that may assist in performing the
migration.
(C) Security enhancement plan.--Not later than 1
year after the date of enactment of this Act, the
Director shall develop and submit to the Committee on
Homeland Security and Governmental Affairs and the
Committee on Rules and Administration of the Senate and
the Committee on Homeland Security and the Committee on
House Administration of the House of Representatives a
.gov domain security enhancement strategy and
implementation plan on how to improve the cybersecurity
benefits of the .gov domain during the 5-year period
following the date of enactment of this Act, which
shall include--
(i) a modernization plan for the
information systems that support operation of
the .gov top-level domain, such as the
registrar portal, and how these information
systems will remain current with evolving
security trends;
(ii) a modernization plan for the structure
of the .gov program and any supporting
contracts, and how the program and contracts
can remain flexible over time so as to take
advantage of emerging technology and
cybersecurity developments; and
(iii) an outline of specific security
enhancements the .gov program intends to
provide to users during that 5-year period.
(3) Technical and conforming amendment.--The table of
contents in section 1(b) of the Homeland Security Act of 2002
(Public Law 107-196; 116 Stat. 2135) is amended by inserting
after the item relating to section 2214 the following:
``Sec. 2215. Duties and authorities relating to .gov domain.''.
(c) Homeland Security Grants.--Section 2008(a) of the Homeland
Security Act of 2002 (6 U.S.C. 609(a)) is amended--
(1) in paragraph (13), by striking ``and'' at the end;
(2) by redesignating paragraph (14) as paragraph (15); and
(3) by inserting after paragraph (13) the following:
``(14) migrating any online service (as defined in section
3 of the DOTGOV Online Trust in Government Act of 2019) to the
.gov domain; and''.
SEC. 5. REPORT.
Not later than 1 year after the date of enactment of this Act, and
every 2 years thereafter for 4 years, the Director shall submit a
report to or conduct a detailed briefing for the Committee on Homeland
Security and Governmental Affairs and the Committee on Rules and
Administration of the Senate and the Committee on Homeland Security and
the Committee on House Administration of the House of Representatives
on the status of--
(1) the outreach strategy described in section 4(b)(2)(A);
(2) the security enhancement strategy and implementation
plan described in section 4(b)(2)(C);
(3) the inventory described in 2215(f) of the Homeland
Security Act of 2002, as added by section 4(b) of this Act; and
(4) the supporting services described in section 2215(c)(1)
of the Homeland Security Act of 2002, as added by section 4(b)
of this Act.; and
(5) the development, assessment, and determination of the
amount of any fees imposed on new .gov domain registrants or
annual renewals of .gov domains in accordance with section
2215(d) of the Homeland Security Act of 2002, as added by
section 4(b) of this Act.
SEC. 6. TRANSITION.
(a) There shall be transferred to the Director the .gov internet
domain program, as operated by the General Services Administration
under title 41, Code of Federal Regulations, on the date of enactment
of this Act.
(b) Not later than 30 days after the date of enactment of this Act,
the Director shall submit a plan for the operational and contractual
transition of the .gov internet domain program to the Committee on
Homeland Security and Governmental Affairs and the Committee on Rules
and Administration of the Senate and the Committee on Homeland Security
and the Committee on House Administration of the House of
Representatives.
(c) Not later than 120 days after the date of enactment of this
Act, the Director shall begin operationally administering the .gov
internet domain program, and shall publish on a publicly available
website the requirements for domain registrants as described in section
2215(b) of the Homeland Security Act of 2002, as added by section 4(b)
of this Act.
(d) On the date of publication for the requirements in subsection
(c) of the requirements for domain registrants under subsection (c),
the Administrator shall rescind the requirements in part 102-173 of
title 41, Code of Federal Regulations.
(e) During the 5-year period beginning on the date of enactment of
this Act, any fee charged for new .gov domain registrants or annual
renewals of .gov domains shall be not more than the amount of the fee
charged for such registration or renewal as of October 1, 2019.
Calendar No. 401
116th CONGRESS
2d Session
S. 2749
[Report No. 116-192]
_______________________________________________________________________
A BILL
To provide requirements for the .gov domain, and for other purposes.
_______________________________________________________________________
January 6, 2020
Reported with amendments