Recommended reading
Gaby edited this page Jul 14, 2025 · 5 revisions
- DOTGOV Act: Our authorizing authority that everyone should read at least once. As laws go it’s highly readable and motivating.
- Everything on get.gov
- Blog posts and product updates will give you a good idea of how our project has progressed over time
- Paperwork Reduction Act: this law imposes procedural requirements on agencies that wish to collect information from the public, and is relevant to our user research efforts and the forms we have on get.gov
  - pra.digital.gov provides a comprehensive overview
  - Erie Meyer, a long-time civic technologist, published an excellent Medium article on this
- 21st Century Integrated Digital Experience Act (IDEA): this law requires all executive branch agencies to modernize their websites, digitize services and forms, improve customer experience, and standardize and transition to centralized shared services.
- Section 508: Section 508 is an amendment to the existing Rehabilitation Act of 1973 that requires federal agencies to make digital services accessible and provides a set of guidelines and best practices for adhering to the amendment
- US Web Design System Guidelines: USWDS is a design system that federal agencies must adhere to
- .gov Design System Guide: The .gov Design System is based off of USWDS but with our own styles, custom components, and patterns. Note that this guide is a work in progress.
- DHS Style Guide: CISA is a part of DHS, and we do our best to adhere to DHS’s style and brand guidelines. There is also a CISA guide, though it requires access to the CISA network (and it is also geared more to publications than online products.)
The resources below are materials that have a direct impact on the .gov Top-Level Domain (TLD) program and its information system. While this may be a lot of reading, it is important to note that most material can be "skimmed" to the sections relevant to your interests. These should be seen as knowledge resources and not necessarily as start-to-finish novels.
Publications of enacted statute or codified laws.
- Federal Information Security Modernization Act of 2014
  - The law in which federal executive branch departments and agencies are provided an Information Technology (IT) budgeting framework.
  - Departments and agencies are responsible for budgeting for the resources necessary to ensure cost-effective information security programs.
  - This law also establishes NIST for the development of standards, guidelines, frameworks, or other publications for departments or agencies to implement unique to their organizations.
  - Some sections are dated due to changes in administration priorities.
- FedRAMP Authorization Act
  - The law that establishes the roles, responsibilities, and eligibility for departments or agencies to procure assessed and authorized commercial cloud computing products or services.
  - Some sections are dated due to changes in administration priorities.
- DOTGOV Act of 2020
  - This is the "enrolled bill", or the version that passed Congress. It's the version of the law that's easiest to read in totality.
  - The DOTGOV Act was part of the Consolidated Appropriations Act, 2021 and is codified at 6 U.S.C. 665.
  - (These 3 links to different versions of the DOTGOV Act are essentially the same text! Sharing all of them simply for context.)
Requirements issued to implement, a directive by the President, or instructions and implementation guidance for specific management priorities or legislative requirements.
View the complete list of Circulars here.
- OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control
  - Guidance to Federal Managers on improving the accountability and effectiveness of Federal programs and operations by identifying and managing risks, establishing requirements to assess, correct, and report on the effectiveness of internal controls.
- OMB Circular A-130, Managing Information as a Strategic Resource
  - A-130 is the implementation of FISMA, and assigns Senior Agency Officials specific roles and responsibilities within an organization.
  - This circular also describes, at a high level, how the government is to safeguard federal information, and how to design and implement government software applications and systems.
- M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles
  - Page 19, the section titled "Discovering internet-accessible applications".
  - See also https://search.gov/about/policy/govt-urls.html
- M-23-10, The Registration and Use of .gov Domains in the Federal Government
  - OMB policy released to meet 6 USC 665(d)(1); it governs only federal executive branch agency requests/domains.
- M-24-15, Modernizing the Federal Risk and Authorization Management Program (FedRAMP)
  - Describes the roles, responsibilities, and implementation of the FedRAMP Authorization Act.
  - Established the scope for commercial Cloud Service Providers (CSP) and Cloud Services Offerings (CSO).
  - Further describes the out-of-scope cloud services, such as social media or other solutions that are not procured and do not store federal information.
- Everything on https://get.gov/, but particularly all the content on https://get.gov/domains, our recent blog posts, and the domain data. (Shout out that https://get.gov/domains/executive-branch-guidance/ is related to M-23-10.)
- The performance work statement for our contract with Cloudflare. The first 6 sections are salient for the product team.
- A Census Bureau document that describes the GMAF, or the Government Master Address File. Census conducts a quinquennial "census of governments" about the makeup of non-federal government orgs in the US and maintains the File. GMAF is not public but a cut of it is.
- This is largely the same as the front matter of the Census's Individual State Report, which summarizes the census of governments on a per-state level. This report is more than 300 pages but is really useful.
- How DNS Works
- https://www.netmeister.org/blog/tlds.html - About TLDs (JSchauma's website has lots of really great things.)
- https://xkcd.com/2480/ - No, The Other One