Thomas McDermott, the Department of Homeland Security’s deputy assistant secretary for cyber policy, recently said that more and more federal agencies are complying with the requirements of Binding Operational Directive 18-01, Federal News Network reported Tuesday.
The DHS issued BOD 18-01 on Oct. 16, 2017, requiring government agencies to implement a variety of cybersecurity policies, including Domain-Based Message Authentication, Reporting and Conformance (DMARC), an email security protocol.
DMARC makes it difficult to carry out email spoofing attacks by helping validate the authenticity of an incoming message. The protocol can block messages that fail the validation process and generate reports about such incidents.
An agency is in full compliance with BOD 18-01 if it has set DMARC to automatically block fake emails and has enabled the automatic transmission of reports to the DHS.
McDermott admitted that agencies adopting DMARC would not eliminate email-based attacks or threats.
Nevertheless, taking such steps has “meaningfully reduced exposure and risk to individual agencies, to the federal enterprise, and to the larger ecosystem,” McDermott noted.