Government Digital Service trials e-mail ‘assurance’ tool

Written by Jim Dunton on 24 February 2016 in News

A new tool has been developed to give public-sector workers more confidence that the e-mails they send and receive are secure

A new assurance tool developed to give public-sector staff confidence that their e-mail communications are secure is being rolled out to a pool of testers this week, a Government Digital Service leader has said.

It will monitor the way e-mail communications are sent, with particular reference to the Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols. 

Nick Woodcraft, applications product manager with the GDS’s common technology services products team, said the assurance tool was part of a three-area focus on e-mail security that coincided with the shift to cloud-based e-mail services.




In a blog post this week, Woodcraft said the GDS was telling government organisations to use policy to ensure TLS was used in any e-mail exchanges over the internet including, as far as possible, when talking to people outside government. But he added that system users also needed assurance that security measures were in place. 

“When you send or receive an e-mail you don’t get any indication of how it was sent, and the people looking after the servers get limited information,” he said. 

“Although TLS and DMARC are widely supported open protocols, the nature of the Simple Mail Transfer Protocol on which e-mail is built makes it difficult to get assurance about their implementation.

“To provide this we are building a tool to monitor TLS and DMARC use across government, providing a way to check if a service is secure. It will give you a dashboard of the domains in your organisation, a way to check whether an e-mail sent between two domains should be secure, and a whitelist of domains that are set up securely.”

Woodcraft said the tool had already undergone some user testing and was being made available to a “limited number” of people this week before a full launch.

Last week the Cabinet Office published new guidance for anyone setting up e-mail services for government organisations. 
 
