
Email Digital Signatures – Do you know who it’s from?

Is Your Email Secure?

Email is ubiquitous in business operations and we’ve established routines and habits for its use. But is the way we use it really trustworthy? How do I know the email you send me is really from you? Regular emails can be spoofed at will, with the ‘from’ address changed to any that might be suitable to fool me.

Digital Signatures

Digital signatures are the solution to this problem, and are implied as part of the requirements for NIST SP 800-171 compliance. For individuals, a digital email signing certificate (also referred to as an S/MIME certificate) can be obtained for free, or at reasonable cost with just a credit card. There are, however, different levels of trust associated with these certificates, and those differences are important to understand. A basic email signing certificate (free or low cost) only confirms that the email address is associated with the certificate. It does not confirm the identity of the user.
The U.S. government recognizes certificates that it issues to its workforce and contractors, and the burden of proof is substantial, as is the verification of trust; one can be certain that the owner of the certificate is the sender of the email. But what about those hoping to do business with the government and protect potential contract information?
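
To make the difference between a bare ‘from’ address and a signed message concrete, here is an added example (not part of the original post) that triages raw messages by whether they carry an S/MIME signature structure at all. The sample messages and the function names are constructed for illustration, and the check is structural only: it does not verify the signature or the certificate's level of trust.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value, parseaddr

# MIME types that mark S/MIME signatures, including the legacy "x-" forms.
DETACHED_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg, name):
    """Content-Type parameter as a lowercase string ('' when absent)."""
    return collapse_rfc2231_value(msg.get_param(name, "")).lower()

def smime_signature_kind(msg):
    """Return 'detached', 'opaque' or None from the top-level MIME structure."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and _param(msg, "protocol") in DETACHED_PROTOCOLS:
        return "detached"   # readable body plus a separate .p7s signature part
    if ctype in OPAQUE_TYPES and _param(msg, "smime-type") == "signed-data":
        return "opaque"     # body wrapped inside the signed .p7m blob
    return None             # includes unsigned mail and non-S/MIME schemes

def triage(raw):
    """Classify one raw message; the From header is only a claim."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    kind = smime_signature_kind(msg)
    # Even when a signature is present, the sender is unproven until the
    # signature and its certificate chain are verified by the mail client.
    status = "smime-signature-present-unverified" if kind else "no-smime-signature"
    return {"claimed_from": claimed, "signature": kind, "status": status}

# Constructed sample messages (not real mail).
HEADERS = "From: Alice Example <alice@example.com>\nTo: bob@example.org\nSubject: Invoice\n"
UNSIGNED = HEADERS + "Content-Type: text/plain\n\nPlease pay.\n"
SIGNED = (
    HEADERS
    + 'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    + ' micalg=sha-256; boundary="b1"\n\n'
    + "--b1\nContent-Type: text/plain\n\nPlease pay.\n"
    + "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n\n"
    + "(constructed placeholder, not a real signature)\n--b1--\n"
)

if __name__ == "__main__":
    for label, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, triage(raw))
```

Both sample messages claim the same sender; only the second gives a mail client anything to verify that claim against.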

ECA

There is a U.S. Government program called External Certificate Authority (ECA) that allows organizations to acquire validated digital email certificates for their employees and members. These certificates carry the same burden of proof and verification of trust. They can also be used to protect, via encryption, email correspondence and associated information. The ECA certificate program is another step toward NIST SP 800-171 and DFARS Clause 7012 compliance.
Contact us to learn more.
Dan B
Assured Bridge – Compliance as a Service

Certified Information System Security Professional Daniel Bjorklund is the information assurance and cybersecurity subject matter expert for Assured Bridge LLC, a company specializing in cybersecurity compliance solutions. With over 20 years’ experience in U.S. military intelligence and security operations, plus significant involvement in government, commercial and private sector cybersecurity initiatives, Dan has comprehensive knowledge of today’s rapidly-evolving cyber-dependent world. A recently-licensed pilot and amateur radio operator, Dan lives with his wife in South Carolina.
Dan can be found on LinkedIn (https://www.linkedin.com/in/dbjorklundcissp/) and Twitter (https://twitter.com/IASE_at_large)
