Email Digital Signatures – Do you know who it’s from?

Email Digital Signatures – Do you know who it’s from?

Is Your Email Secure?

Email is ubiquitous with business operations and we’ve established routines and habits for it’s use. But, is the way we use it really trustworthy? How do I know the email you send me is really from you? Regular emails can be spoofed at will, with the ‘from’ address changed to any that might be suitable to fool me.

Digital Signatures

Digital signatures are the solution to this problem, and are inferred as part of the requirements for NIST SP 800-171 compliance. For individuals, a digital email signing certificate can be obtained for free, or at reasonable costs with just a credit card (also referred to as S/MIME certificates). There are, however, different levels of trust associated with these certificates and those differences are important to understand. A basic email signing certificate (free or low cost) only confirms that the email address is associated with the certificate. It does not confirm the identity of the user.
The U.S. government recognizes certificates that it issues to its workforce and contractors, and the burden of proof is substantial as is the verification of trust; one can be certain that the owner of the certificate is the sender of the email. But, what about those hoping to do business with the government and protect potential contract information?


There is a U.S. Government program called External Certificate Authority (ECA) that allows organizations to acquire validated digital email certificates for their employees and members. These certificates carry the same burden of proof and verification of trust. They can also be used to protect, via encryption, email correspondence and associated information. The ECA certificate program is another step to NIST SP 800-171 and DFARS Clause 7012 Compliance.
Contact us to learn more.
Dan B
Assured Bridge – Compliance as a Service
Dan bjorklund - cyber security specialist

Daniel Bjorklund


With over 30 years of experience, Daniel Bjorklund is a dedicated information security practitioner, mentor and innovator. He serves as a principal vCISO at Assured Bridge, helping to mature and guide compliance-as-a-service and managed security service provider operations. He is also active in the startup and entrepreneurial communities in the Augusta, GA area, helping set firm cybersecurity foundations for new companies and efforts.

Dan is a current CISSP and holds a Master of Science degree in Information Assurance and Security and a Bachelor of Science degree in Information Technology. When not hunched in front of a computer, Dan can often be found above 3000 feet avoiding highway traffic, flying his airplane as a licensed pilot. He and his wife enjoy outdoor activities, biking, fishing and sightseeing in the Southeastern United States.

Search our Blog
Subscribe to our Newsletter
We’ve got a lot of good info to share! Sign up for the Assured Bridge newsletter and receive tips on how to remain compliant with Federal CUI standards.