The Department of Homeland Security has released a new directive that seeks to help federal agencies protect emails and websites from cyber threats through the adoption of security protocols.
DHS will direct federal agencies to deploy the Domain-Based Message Authentication, Reporting and Conformance (DMARC) protocol within the next 90 days under the new binding operational directive, in order to prevent the potential use of government email domains by phishers and scammers in cyber attacks, the Global Cyber Alliance said Monday.
Jeanette Manfra, assistant secretary for DHS’ office of cybersecurity and communications, announced the new agency directive at a GCA-hosted cybersecurity roundtable.
“It is critical that U.S. citizens can trust their online engagements with all levels of the federal government,” Manfra said at the event.
The new rule also requires agencies to use Hypertext Transfer Protocol Secure (HTTPS) for all federal websites within the next 120 days in an effort to secure connections between the government and citizens.
“If the U.S. government can deploy DMARC across more than 1,300 domains, then we should expect the same of the companies on which we depend,” said Phil Reitinger, GCA president and CEO.
Agencies should also, within 90 days, configure their web-facing mail servers to offer the STARTTLS protocol and ensure that their second-level agency domains have valid DMARC and Sender Policy Framework (SPF) records.
STARTTLS seeks to facilitate encryption of emails in transit, while SPF aims to speed up detection of unauthorized emails by enabling a sending domain to watermark emails.