In the course of our ongoing S/MIME series, we discussed what S/MIME is, why it is important, and how it protects users from certain types of e-mail-based attacks can be protected . We also discussed how companies can comply with data protection and security regulations in this way how to ensure HIPAA.
Most people have heard of HIPAA. After all, health care is important to almost everyone. However, it is likely that less of the Defense Federal Acquisition Regulation supplement, better known as DFARS . The regulation is designed to protect controlled, unclassified information in non-federal systems and organizations. In essence, this is not unlike what HIPAA was designed for, except that DFARS protects, rather than protects, national security and defense information.
The defense industry perceives the threat of cyber attacks very strongly. Defense-related intellectual property, such as designs for American military goods, are incredibly valuable targets. Government agencies have been forced to improve their cyber defense capabilities and use their considerable resources to protect vulnerabilities against possible attacks. In response, cybercriminals have increasingly focused on defense companies to gain access to information of strategic national importance.
While defense companies are hardly easy targets themselves, DFARS creates enforceable regulations to ensure that sensitive information is handled with the right care and security. By supplementing the original Defense Federal Acquisition Regulation, which requires encryption of all data at rest or during transmission, DFARS creates a security basis that all contractors must comply with. Because armaments companies are just as indispensable to email as any other industry, effective encryption tools must be put in place before doing business with the government.
As with HIPAA, this requirement does not require the use of email certificates, but is the best way to get there. Certificate-protected e-mails remain encrypted in the recipient's inbox from the moment they leave the sender until they open and encrypt the data transmitted over the Internet and all associated mail servers. In addition, emails and attachments stored on mail servers are also encrypted when idle to ensure full compliance with DFARS.
S/MIME certificates make DFARS compliance so easy as possible. Comprehensive end-to-end encryption guarantees S/MIME the protection of critical information transmitted by email and the proper provisions of the federal regulations.