Federal guide bolsters public, private email security

The National Institute of Standards and Technology (NIST) published new draft guidelines on Tuesday to help businesses and government protect their email. 


The Department of Commerce is well-esteemed in both the public and private sectors for its security guidelines; its highly customizable cybersecurity framework is promoted by the Chamber of Commerce and federal agencies alike.

Email security is a core issue in preventing phishing attacks and espionage. It includes everything from securing email from prying eyes to verifying that emails actually come from the account holder of the email address listed in the "from" field. 

“Large email service providers, such as Gmail and Yahoo, have taken steps to reduce the prevalence of email scams by implementing mechanisms to verify the origin of an email,” said William Barker, a domestic guest researcher at the NIST, in a release announcing the draft Guide for Improving Email Security.

“However, these mechanisms are difficult to implement, require long lead times, and must integrate into existing systems, making it difficult for organizations without a large IT department to do so. As a result, many enterprises have been slow to embrace these protections.”

The guide includes general security practices and a "how to" manual to ease installation. 

It was written in conjunction with nongovernmental partners Microsoft, NLnet Laboratories, Secure64, Internet Systems Consortium and Fraunhofer IAO.

The NIST will accept comments on the guide until Dec. 19.