Government Digital Service trials e-mail ‘assurance’ tool
A new tool has been developed to give public-sector workers more confidence that the e-mails they send and receive are secure
A new assurance tool developed to give public-sector staff confidence that their e-mail communications are secure is being rolled out to a pool of testers this week, a Government Digital Service leader has said.
It will monitor the way e-mail communications are sent, with particular reference to the Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols.
Nick Woodcraft, applications product manager with the GDS’s common technology services products team, said the assurance tool was part of a three-area focus on e-mail security that coincided with the shift to cloud-based e-mail services.
In a blog post this week, Woodcraft said the GDS was telling government organisations to use policy to ensure TLS was used in any e-mail exchanges over the internet including, as far as possible, when talking to people outside government. But he added that system users also needed assurance that security measures were in place.
“When you send or receive an e-mail you don’t get any indication of how it was sent, and the people looking after the servers get limited information,” he said.
“Although TLS and DMARC are widely supported open protocols, the nature of the Simple Mail Transfer Protocol on which e-mail is built makes it difficult to get assurance about their implementation.
“To provide this we are building a tool to monitor TLS and DMARC use across government, providing a way to check if a service is secure. It will give you a dashboard of the domains in your organisation, a way to check whether an e-mail sent between two domains should be secure, and a whitelist of domains that are set up securely.”
Woodcraft said the tool had already undergone some user testing and was being made available to a “limited number” of people this week before a full launch.
Last week the Cabinet Office published new guidance for anyone setting up e-mail services for government organisations.
Report reveals that information has been made publicly available online via an information-sharing tool widely used by government developers
While GDPR is right to provide individuals with greater control over how their information is used, the benefits of sharing data should not be overlooked, believes Rose Lasko-Skinner of Reform
Auditor general Amyas Morse flags up three key issues that government must focus on to improve its work with private-sector suppliers
Council hopes pilot will show potential for enabling more efficient routes and timetables
The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security
Calm has turned a section of the 57,509-word EU document into a sleep-inducing audio book