Over the course of our ongoing S/MIME series, we’ve discussed what S/MIME is, why it’s important, and how it can protect users from certain types of email-based attacks. We’ve also discussed how it can help organizations ensure compliance with privacy and security regulations such as HIPAA.
Most people have heard of HIPAA. After all, health care is important to almost everyone. However, it’s likely that fewer have heard of the Defense Federal Acquisition Regulation Supplement, better known as DFARS. The regulation is designed to protect controlled, unclassified information in non-federal systems and organizations. At its core, this is not dissimilar to what HIPAA was designed to do, except that DFARS protects national security and defense information instead of protecting
The threat of cyberattacks is very much felt by the defense industry. Defense-related intellectual property, such as designs for U.S. military equipment, is an incredibly valuable target. Government agencies have been forced to improve their cyber defense capabilities and use their considerable resources to protect vulnerabilities against potential attacks. In response, cybercriminals have increasingly focused on defense contractors to gain access to information of strategic national importance.
While defense contractors themselves are hardly easy targets, DFARS creates actionable regulations to ensure that sensitive information is handled with proper care and security. By adding to the original Defense Federal Acquisition Regulation requiring encryption of all data at rest or in transit, DFARS creates a security baseline that all contractors must adhere to. Because email is as essential to defense contractors as it is to any other industry, effective encryption tools must be put in place before doing business with the government.
Like HIPAA, this regulation does not mandate the use of email certificates, but they are the best way to accomplish the goal. Certificate-protected emails remain encrypted from the time they leave the sender until they are opened in the recipient’s inbox, encrypting the data that is transmitted over the Internet and any associated mail servers. In addition, emails and attachments stored on mail servers are encrypted at rest to ensure full compliance with DFARS.
The security protocols associated with the defense industry can be challenging, but S/MIME certificates make DFARS compliance as easy as possible. With comprehensive end-to-end encryption, S/MIME ensures complete protection of critical information transmitted via email and proper compliance with federal regulations.