Government Digital Service trials e-mail ‘assurance’ tool
A new tool has been developed to give public-sector workers more confidence that the e-mails they send and receive are secure
A new assurance tool developed to give public-sector staff confidence that their e-mail communications are secure is being rolled out to a pool of testers this week, a Government Digital Service leader has said.
It will monitor the way e-mail communications are sent, with particular reference to the Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols.
Nick Woodcraft, applications product manager with the GDS’s common technology services products team, said the assurance tool was part of a three-area focus on e-mail security that coincided with the shift to cloud-based e-mail services.
In a blog post this week, Woodcraft said the GDS was telling government organisations to use policy to ensure TLS was used in any e-mail exchanges over the internet including, as far as possible, when talking to people outside government. But he added that system users also needed assurance that security measures were in place.
“When you send or receive an e-mail you don’t get any indication of how it was sent, and the people looking after the servers get limited information,” he said.
“Although TLS and DMARC are widely supported open protocols, the nature of the Simple Mail Transfer Protocol on which e-mail is built makes it difficult to get assurance about their implementation.
“To provide this we are building a tool to monitor TLS and DMARC use across government, providing a way to check if a service is secure. It will give you a dashboard of the domains in your organisation, a way to check whether an e-mail sent between two domains should be secure, and a whitelist of domains that are set up securely.”
Woodcraft said the tool had already undergone some user testing and was being made available to a “limited number” of people this week before a full launch.
Last week the Cabinet Office published new guidance for anyone setting up e-mail services for government organisations.
Government issues edict instructing public bodies to move email and websites to gov.uk and other new domains
Victoria Cetinkaya of the Information Commissioner’s Office gives the organisation's top tips for government tech and data chiefs to ensure they are ready for new regulation next year
An of commentators from tech businesses and industry bodies offer their thoughts on Philip Hammond's Budget
A comprehensive round-up of a wide range of measures that commit more funding, create new bodies and programmes, and change the legislative landscape of public sector technology