Email Digital Signatures – Do you know who it’s from?

How do I know the email you send me is really from you? 

%

Increase in large scale, targeted breaches in the U.S. annual average

%

 Of Organizations experienced cyber attacks on operational technology infrastructure.

Malicious Mobile apps blocked daily

Email is ubiquitous with business operations and we’ve established routines and habits for it’s use. But, is the way we use it really trustworthy?

Regular emails can be spoofed at will, with the ‘from’ address changed to any that might be suitable to fool me. Digital signatures are the solution to this problem, and are inferred as part of the requirements for NIST SP 800-171 compliance. For individuals, a digital email signing certificate can be obtained for free, or at reasonable costs with just a credit card (also referred to as S/MIME certificates). There are, however, different levels of trust associated with these certificates and those differences are important to understand. A basic email signing certificate (free or low cost) only confirms that the email address is associated with the certificate. It does not confirm the identity of the user.
The U.S. government recognizes certificates that it issues to its workforce and contractors, and the burden of proof is substantial as is the verification of trust; one can be certain that the owner of the certificate is the sender of the email. But, what about those hoping to do business with the government and protect potential contract information?
There is a U.S. Government program called External Certificate Authority (ECA) that allows organizations to acquire validated digital email certificates for their employees and members. These certificates carry the same burden of proof and verification of trust. They can also be used to protect, via encryption, email correspondence and associated information. The ECA certificate program is another step to NIST SP 800-171 and DFARS Clause 7012 Compliance.

Assured Bridge Basic

Basic Service offers a secure, compliant encrypted tunnel to connect to the Internet. It provides protection of data and information when using Free, Public or Untrusted network, WiFi and mobile connections. It ensures compliant connections filtering malware and malicious sites, threat monitoring, compliant user access, and required auditing while only allowing access to approved URL's.

Tier II

Assured Bridge Team Files

The Basic service as offered in Tier I plus Secure File Storage and Sharing for your team or organization. A protected storage environment is created that is only accessible through your VPN connection. This ensures that only you and your team have access and protects against information disclosure.

Tier III

Assured Bridge Team Collaboration Tools

The Basic & Team Files services as offered in Tier I and Tier II plus Collaboration Tools for business process management, project management and software development. A complete secure and compliant business process and file storage environment is created that is only accessible by you.

We've got a lot of good info to share...

Sign up for the Assured Bridge newsletter and receive weekly tips on how to remain compliant with Federal CUI standards.