Executive SummaryBoth public and private-sector business operations are heavily reliant on electronic mail (email) exchanges, but the integrity of these transactions is often at risk, including financial and other proprietary information, as well as the privacy of employees and clients.Tools exist that are capable of providing the needed email security and privacy protection, but a number of factors have impeded the adoption of these existing security and privacy capabilities. These include: The absence of comprehensive configuration instructions for composed sets of trusted electronic mail components, The absence of easily accessible information that points systems administrators to easily implemented software libraries and software applications, and A perception that email security measures negatively impact the performance of email systems.However, operating an email system without employing the available security and privacy tools invites attackers to breach sensitive enterprise information by introducing false addresses into mail messages, disrupting secure communication signaling, and improving the probability of successfully inducing enterprise users to open malicious attachments -still the most common method for introducing malware and breaching enterprise systems.The National Cybersecurity Center of Excellence (NCCoE) developed a set of example email security solutions that can help organizations to more easily implement security and privacy tools and protocols, thus reducing the likelihood of a data breach. The example security platforms described in this guide are consistent with the guidance and best practices contained in government and industry security standards. How these platforms address specific security requirements and best practices is addressed in Volume B of this guide.The NCCoE's approach permits the use of both open source and commercially available products that can be included alongside the current mail products in existing infrastructure. The example solution set is described in Volume C, a "How To" guide that shows how to implement a set of standards-based, commercially available cybersecurity technologies in the real world. CHALLENGEWhether the security service desired is an authentication of the source of an email message or an assurance that the message has not been altered by or disclosed to an unauthorized party, organizations must employ some cryptographic protection mechanism. Economies of scale and a need for uniform security implementation drive most enterprises to rely on mail servers and/or Internet service providers (ISPs) to provide security to all members of an enterprise. Many of these server-based email security mechanisms are vulnerable to, and have been defeated by, attacks on the integrity of the cryptographic implementations on which they depend. The consequences of these vulnerabilities frequently involve unauthorized parties being able to read or modify supposedly secure information, or to use email as a means to insert malware into the system in order to ...
On-demand access to public safety data is critical to ensuring that public safety and first responders (PSFRs) can protect life and property during an emergency. This public safety information, often needing to be accessed via mobile or portable devices, routinely includes sensitive information, such as personally identifiable information, law enforcement sensitive information, and protected health information. Because the communications are critical to public safety and may include sensitive information, robust and reliable authentication mechanisms that do not hinder delivery of emergency services are required. In collaboration with the National Institute of Standards and Technology (NIST) Public Safety Communications Research laboratory and industry stakeholders, the National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment to demonstrate standardsbased technologies that can enable PSFRs to gain access to public safety information efficiently and securely by using mobile devices. The technologies demonstrated are currently available and include (1) single sign-on (SSO) capabilities that reduce the number of credentials that need to be managed by public safety personnel, and reduce the time and effort that individuals spend authenticating themselves;(2) identity federation that can improve the ability to authenticate personnel across public safety organization (PSO) boundaries; and (3) multifactor authentication (MFA) that enables authentication with a high level of assurance. This NIST Cybersecurity Practice Guide describes how organizations can implement these technologies to enhance public safety mission capabilities by using standards-based commercially available or open-source products. The technologies described facilitate interoperability among diverse mobile platforms, applications, relying parties, identity providers (IdPs), and public-sector and private-sector participants, regardless of the application development platform used in their construction. CHALLENGERecent natural and human-made disasters and crises have highlighted the importance of efficient and secure access to critical information by PSFRs. For decades, much of this information was broadcast to PSFRs by voice over radio. More recently, many PSOs have transitioned to a hybrid model that includes automated access to much of this information via ruggedized mobile laptops and tablets. Further advances in technology have resulted in increasing reliance on smartphones or similar portable devices for field access to public safety information. The increasing reliance on these devices has driven the use of "native app"-based interfaces to access information, in addition to more conventional browser-based methods.Many PSOs are in the process of transitioning from conventional land-based mobile communications to high-speed, regional or nationwide wireless broadband networks (e.g., FirstNet). These networks employ Internet Protocol-based communications to provide secure and interoperable public safety communi...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.