Skip Maine state header navigation

Agencies | Online Services | Help

State of Maine Seal

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

 

State of Maine Domain Name Management Policy 

I. Statement

State Executive Branch agencies will use Office of Information Technology (OIT) approved world wide web domain names that promote and protect the Maine.gov brand.  Maine.gov is the primary, outwardly facing domain name because it builds brand recognition and assures users that they are interacting with the State of Maine.

II. Purpose

Establishing and protecting the Maine.gov brand ensures the citizens and customers of the State of Maine that they are using the official Maine State Government web site.  It further assures that the policies and standards of the State of Maine are employed, including protections such as privacy, security and accessibility for all Maine citizens.  Unmanaged use of domain names can result in spoofed webpage sites, expired domain names and general confusion as to who is responsible for a site and its services. 

 

This policy provides leadership and guidance to executive branch agencies and others with regard to domain names and the challenges inherent in maintaining a presence on the World Wide Web.  It provides the blueprint and over-arching structure for a mechanism by which domain names can be centrally coordinated, facilitated, and managed.  A desired outcome is a ‘one-stop shop’ designed to support State agencies in implementing the on-line business services of State government.

 

The dotgov domain provides the official and trusted Internet presence for governmental entities in the United States.  By conforming to this national domain name approach the State of Maine is able to establish a responsible Internet presence that its citizens and others can rely on.

 

Additionally this policy encourages and promotes the use of the Maine.gov brand, and the protection of the Maine.gov brand.  Visitors to Maine.gov, and recipients of its services can thus be assured they are interacting with the State of Maine because of the restrictions (www.dotgov.gov) placed on the dotgov namespaces by the United States General Services Administration.

III. Applicability

This policy is intended to manage the acquisition and use of all domain names by

 

1)      Executive Branch and semi-autonomous State agencies irrespective of where their sites are hosted and

2)      Agencies from other Maine State government branches that are hosted on computer devices operated by the Office of Information Technology or that traverse the State’s wide area network.

 

This policy permits and encourages cooperation with the other branches of Maine government in the coordination of domain name services.  This cooperation includes municipalities and counties who elect to participate.

IV. Responsibilities

A. Chief Information Officer (CIO) - Title 5, Maine Revised Statutes, Chapter 163 §1973, Section 1, Paragraph B authorizes the CIO to “set policies and standards for the implementation and use of information and telecommunications technologies,” et seq.

B. The General Services Administration’s Final Rule (41 CFR Part 1020173), issued in March 2003, established a basis to permit dotgov domain services for state and local governments.[1]  This rule also established conforming name protocols for URLs in the Gov domain.  Within this rule the authority for states is defined to be the Office of the Governor or the highest-ranking information technology official.  For the State of Maine, the CIO appointed by the Governor has been assigned the rights to administer several second-level dotgov domain names, the most important of these being Maine.gov and Me.gov.  The CIO must sign authorization letters for all State of Maine domain requests.

1. The CIO directs e-Government Services (hereinafter referred to as eGov Services) to implement the provisions of this policy.

2. The CIO authorizes eGov Services to make limited, appropriate exceptions to this policy through a waiver process.

C. In support of the above, the CIO will:

1. Establish standards to ensure that domain names requested will not create misunderstandings about the purpose of domains and their web site content. 

2. Create and manage the Enterprise Domain Name Registry as a central place for the acquisition and administration of domain names at the State of Maine. 

3. Arbitrate domain name issues and deny domain name requests that do not adequately meet standards and procedures.

4. Monitor domain name usage for compliance with standards.

5. Recommend termination of web sites that are not in compliance.

 

D. Agencies will:

1. Submit an application for the approval and registration of a web site domain name prior to creating a new web site.  See procedure associated with this policy.

2. Non Executive Branch agencies must register if they wish to use any dotgov domain name.

3. Adhere to the standard associated with this policy.

V. Guidelines & Procedures

1. Maine.gov is the primary, outwardly facing domain name for State of Maine services.  The use of alternative domain names obscures the true source of services and therefore should be avoided in all but the most exceptional circumstances.  The CIO will require significant justification in a request to use an alternative domain name.  See standards and procedures associated with this policy.

VI. Definitions

1. Alternative domain names - These are domain names that do not end with “.gov” or “me.us”.  Generally this refers to those domain names that end with “.Com”, “.Org”, “.Net” etc …. 

2. Domain - A region of jurisdiction on the Internet for naming assignment.  The General Services Administration (GSA) is responsible for registrations in the dotgov domain.

3. Domain Name - A name assigned to an Internet server that locates the organization or entity on the Internet.  The ‘.gov’ part of the domain name reflects the governmental purpose of the organization.  The ‘.gov’ part is called the Top-Level Domain name.  The Second-Level Domain name to the left of ‘.gov’ identifies the governmental entity, in our case the State of Maine (i.e., Maine.gov).  Internet Domain Name servers have registries of Internet Protocol (IP) address numbers that related to the readable text name.  These names are used to promote government services and to increase the ease of finding these services.

4. Domain Name System  (DNS) - The Domain Name System (DNS) helps users find their way around the Internet. Every computer on the Internet has a unique address called its "IP address" (Internet Protocol address). Because IP addresses (which are strings of numbers) are hard to remember, the DNS allows a familiar string of letters (the "domain name") to be used instead. So rather than typing "208.34.181.15," you can type www.maine.gov.

5. Dotgov - This refers to the subscript of those domains ending with “.gov”.   The dotgov domain hosts only official, government sites at the federal-, state- and local-government levels, including federally recognized Indian tribes, known as Native Sovereign Nations (NSNs).  The dotgov domain provides the official and trusted Internet presence for these government entities. Under the rules administered by the United States General Service Administration, the State of Maine’s Chief Information Officer has been assigned the rights to administer several second-level dotgov domain names.  The most important of these are Maine.gov and Me.gov.

6. ICANN - The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. These services were originally performed under U.S. Government contract by the Internet Assigned Numbers Authority (IANA) and other entities. ICANN now performs the IANA function.  http://www.icann.org/.

7. Namespace - The domain name system is hierarchical by definition.  If one picks a place in the hierarchical tree then a reference to its namespace is everything that is or could be taxonomically categorized to belong below it.  For example, maine.gov is in the dotgov namespace, or megis.maine.gov is in the maine.gov namespace, which in turn is in the dotgov namespace. 

8. Registrar - A registrar is a business that has the ability to register domain names on behalf of anyone interested in obtaining a domain name. Registrars must be accredited by ICANN and may only be allowed to register certain top-level domain names. The registrar must maintain domain name record information about each domain name and manage registration, expiration, re-registration, and NIC fee collection processes.

9. Second-level and third-level domains - The domain name system is designed as a hierarchy. The root is the highest level of the hierarchy, followed by the top-level domain followed by the second-level domain, then the third level domain. For example, for the domain "dept.maine.gov", “dept” is the third-level domain, "maine" is the second-level domain, "gov" is the top-level domain, and the "." is the root.

10. Semi-autonomous State Agency – An agency created by an act of the Legislative Branch that is not a part of the Executive Branch.  This term does not include the Legislative Branch, Judicial Branch, Office of the Attorney General, Office of the Secretary of State, Office of the State Treasurer and Audit Department.

11. TLD - Top-Level Domain

12. Top-level domain - A top-level domain represents the last part of a domain name.  For example, the domain name "findmyhosting.com", the TLD is ".com".  The domain name system is designed as a hierarchy. The root is the highest level of the hierarchy, followed by the top-level domain, then followed by the second-level domain. For example, for the domain "maine.gov", "maine" is the second-level domain, "gov" is the top-level domain, and the "." is the root.

13. Webpage spoofing – “Webpage spoofing” is also known as phishing. In this attack, a legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker. The intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest user names and passwords.  This attack is often performed with the aid of URL spoofing, which exploits web browser bugs in order to display incorrect URLs in the browsers location bar; or with DNS cache poisoning in order to direct the user away from the legitimate site and to the fake one. Once the user puts in their password, the attack-code reports a password error, and then redirects the user back to the legitimate site.

VII. References

1. State of Maine Domain Name Management Standard

2. State of Maine Domain Name Management Procedure

VIII. Document Information

1.  Document Reference Number: 9

 

2.  Category: Internet

 

3.  Adoption Date:  March 1, 2007

 

4.  Effective Date:  March 1, 2007

 

5.  Review Date: March 1, 2010

 

6.  Point of Contact: Paul Sandlin, Office of Information Technology (207) 624-9427

 

7. Approved By: Richard B. Thompson, Chief Information Officer

 

8.  Position Title(s) or Agency Responsible for Enforcement:  Paul Sandlin, Office of Information Technology (207) 624-9427

 

9.  Legal Citation:  Title 5, Maine Revised Statutes, Chapter 163 §1973, Section 1, Paragraph B authorizes the CIO to “set policies and standards for the implementation and use of information and telecommunications technologies

 

10.  Waiver Process:  Waiver requests must be submitted in writing to the Associate Chief Information Officer.