SIMM 40B – Internet Domain Name Taxonomy FAQs

May 2023

Technology Letter (TL)17-05 announced State Administrative Manual (SAM) Section 5195 and State Information Management Manual (SIMM) Section 40A Internet Domain Name Taxonomy. This policy informs agencies/state entities of the California Department of Technology’s (CDT) jurisdiction to administer “ca.gov” domain names.

In November 2021 TL- 21-02 was published to announce the updates to the SAM Sections 5195 and 5195.1 and SIMM Sections 40A and 40B.

Here are answers to some frequently asked questions.

1. What has changed for me with the revised requirements?

A: The United States Cybersecurity and Infrastructure Security Agency (CISA) took over domain name policy responsibility from the United States General Services Administration (GSA) in 2021. While the majority of rules have not substantially changed, they have been further clarified by CISA. SAM and SIMM have been updated accordingly, further integrating federal and state-specific policies. It would be best to review SAM 5195.1 for a bulleted list of the revised requirements.

2. Where can I find revised requirements?

A: Please see SAM 5195.1.

3. Is there anything I need to do if I already have a “ca.gov” domain registered with the Department of Technology?

A: Yes, please log in to the domainnamerequest.cdt.ca.gov website and verify that correct contacts are listed for your domain. If not, please add/edit/delete contacts accordingly. If you are an official contact but do not yet have access to edit your domains on this system, select “Join an existing domain.” Once your join request is confirmed, you will have access to edit contacts.

4. How often do I need to provide a status of the domain and contacts?

A: Annually. There is a recertification process that must be completed to ensure all requirements are met in order to continue using the “ca.gov” domain. An email reminder will be sent to Administrative and Technical contacts on file in the Domain Name Request system. The online recertification must be completed according to the instructions provided in order for the domain name to remain valid for the following year.

5. What if my existing domain is not compliant with the Internet Domain Name Taxonomy nomenclature standards?

A: Existing domains will be exempted. As with all existing domains, re-certification is required each year to validate the existing domain is in use, the website (if applicable) and contacts are current and certify compliance with federal and state policies and guidelines. Here are rules for some unique situations that you may encounter:

    • If you have a non-compliant domain, and want to request a compliant domain:
      • You will be granted the new, compliant domain if you phase out the existing non-compliant domain within one year from the date that your new domain is approved.
    • If you already have both a non-compliant domain and a compliant domain:
      • You may keep both, but you are encouraged to phase out the non-compliant domain within one year.
    • If you already have one or more non-compliant domains:
      • You may keep them, but you are encouraged to phase out non-compliant domains within one year, and instead use subdirectories (i.e. dmv.ca.gov/xxxx) or subdomains (i.e. xxxx.dmv.ca.gov) going forward, as defined in SIMM 40A.

6. Why is the Domain Name Request system separate from CDT’s IT Services Portal?

A: The system provides the following functions outside of the IT Services Portal:

    • Provides self-service access to instantly check if a domain is available before deciding if opening a CDT IT Services Portal account is right for you.
    • To instantly check if any domain is available instead of waiting for a representative to respond on each.
    • Enables you to easily check and update the official contacts for your domain.
    • To view and update who is authorized to make changes to your domain.
    • Provides prompts to help guide you to the proper nomenclature and to fill in required fields.
    • Sends annual reminders to your contacts to re-certify your domain.
    • Provides direct auditing access to the Government Operations Agency and the United States Cybersecurity and Infrastructure Security Agency.

7. Why doesn’t the Domain Name Request system recognize my 4th level domain (xxxx.dmv.ca.gov)?

A:The Domain Name Request system tracks only 3rd level domains (xxxx.ca.gov), which require approval and must follow nomenclature standards found in SIMM 40A. Once your 3rd level is approved, you can add 4th level domains at will, without further naming approvals. Since approvals are not needed for your 4th level domain, any requests for technical work should be directed to CDT’s IT Services Portal.

8. Apart from what I can request using the Domain Name Request system, how can I request CDT technical services, e.g., associating my domain to an IP address, alias redirects, email account setups, etc., or report an incident related to my Domain Name(s)?

A: If you have a CDT IT Services Portal login ID, you can submit a “DNS Services” request or “Report an Incident”, as applicable. If you do not have an IT Services Portal login ID, please contact the CDT Service Desk for assistance. You can also click the “Request DNS Work” button within the Domain Name Request System under the Manage Domain screen for each domain.

9. What if my “ca.gov” domain is not currently hosted by CDT?

A: Although all agencies/state entities are encouraged to have domains hosted by CDT, it is acceptable to have domains hosted elsewhere as long as they are in compliance with state and federal policies and guidelines. *A note regarding SSL certificates for “ca.gov” sites hosted by third parties: If your organization purchases an SSL certificate from a vendor for any website ending in ‘. ca.gov’, CDT will receive periodic validation requests. When you work with your vendor on an SSL cert renewal, please immediately submit a ticket via the CDT IT Services Portal. CDT cannot approve validation requests until we receive the information from a registered contact of your domain. Once logged into the portal, search for and select DNS Services, SSL cert validation, and fill out the fields. If you do not have login credentials for this portal, please use the Domain Name Request System’s “Request DNS Work” button to request access or contact CIOCESAccountSpecialists@state.ca.gov to get set up. Alternatively, SSL certificates for ca.gov domains can be obtained through CDT (provided by Sectigo), rather than a 3rd party vendor. More information is available at https://cdt.ca.gov/services/certificates/.

10. Is there a cost for CDT to host agencies/state entities domain records?

A:No. The California Domain Name Service is offered at no cost to all agencies/state entities who have an approved DNS record according to SIMM 40A.

11. A document from CIO or Equivalent is required to be submitted with the domain name request. What information is required in this document?

A: An email or other document signed by CIO or Equivalent is required to be submitted with the request stating their approval for the domain name requested. This document must clearly state the domain name being approved and the job title of the CIO or Equivalent. The system allows users to choose the document file to upload. This is a one-time requirement and does not need to be re-submitted in subsequent years.

Revised – May 2023

Expand sections
Print page