PublicTechnology

Government Digital Service trials e-mail ‘assurance’ tool

Jim Dunton February 24, 2016 in Government and politics, Science, technology and research Tagged , - 2 Minutes

A new tool has been developed to give public-sector workers more confidence that the e-mails they send and receive are secure

A new assurance tool developed to give public-sector staff confidence that their e-mail communications are secure is being rolled out to a pool of testers this week, a Government Digital Service leader has said.

It will monitor the way e-mail communications are sent, with particular reference to the Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols. 

Nick Woodcraft, applications product manager with the GDS’s common technology services products team, said the assurance tool was part of a three-area focus on e-mail security that coincided with the shift to cloud-based e-mail services.

Related content

Government Digital Service calls in “hackers” to test its platform
Using lessons from Government Digital Service to the Greater London Authority

In a blog post this week, Woodcraft said the GDS was telling government organisations to use policy to ensure TLS was used in any e-mail exchanges over the internet including, as far as possible, when talking to people outside government. But he added that system users also needed assurance that security measures were in place. 

“When you send or receive an e-mail you don’t get any indication of how it was sent, and the people looking after the servers get limited information,” he said. 

“Although TLS and DMARC are widely supported open protocols, the nature of the Simple Mail Transfer Protocol on which e-mail is built makes it difficult to get assurance about their implementation.

“To provide this we are building a tool to monitor TLS and DMARC use across government, providing a way to check if a service is secure. It will give you a dashboard of the domains in your organisation, a way to check whether an e-mail sent between two domains should be secure, and a whitelist of domains that are set up securely.”

Woodcraft said the tool had already undergone some user testing and was being made available to a “limited number” of people this week before a full launch.

Last week the Cabinet Office published new guidance for anyone setting up e-mail services for government organisations. 
 

Related Posts

GDS founder part of crack team brought in to advise Labour on HMRC modernisation
April 22, 2024
Whitehall CTOs agree ‘principles and guardrails’ for government mobile app strategy to be published next year
April 19, 2024
World’s ‘most advanced humanoid robot’ moves to Edinburgh
April 19, 2024

Jim Dunton

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter Signup
Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter
ErrorHere