Domain services

CISA interested in a protective messaging service for the .gov domain

Written by Dave Nyczepir

The Cybersecurity and Infrastructure Security Agency wants industry input on a protective messaging service that would protect the civilian .gov domain from cyber threats.

CISA is interested in a Protective Messaging Service (PES) that not only secures email traffic but also performs threat hunting and incident response, she said in a request for information (RFI ) posted to on November 17.

The agency took over the .gov domain – one of the six original top-level domains of the Internet Domain Name System – from the General Services Administration in April, as mandated by the DOTGOV Act of 2020, with the aim of making it more difficult for hackers to pose as critical infrastructure.

“The feedback will help the government refine the solution design, use cases and functional requirements; provide an overview of the scalability of the potential service (s); assist the government in determining industry segmentation by capacity and size; and provide information on current PES offerings in the federal and corporate landscape by developing a potential acquisition strategy, ”reads the RFI.

CISA hopes that vendors with a wide range of email security capabilities, who have provided similar solutions to federal agencies or businesses, will respond to the RFI.

Respondents have until December 1 to submit questions about the RFI to the GSA, with the Federal Acquisition Service being the agency responsible for the acquisition. GSA will post responses no later than the close of business on December 10, when respondents will have until December 20 to submit comments.