The first deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01 has passed and 63 percent of federal agencies have deployed DMARC, up from 18% when the directive was announced three months ago. BOD 18-01 was announced by DHS Assistant Secretary of Cybersecurity and Communications Jeanette Manfra on October 14, 2017. The mandate requires federal domains to improve email hygiene and traffic encryption through the adoption of DMARC and STARTTLS. January 14, 2018, marks the first 90-day deadline to deploy the basic DMARC monitoring policy of “p=none.”
BOD 18-01 is a tremendous step forward for the federal government and our citizenry. For too long, criminals and nation states have acted with impunity, impersonating trusted federal agencies to defraud our citizens or commit espionage. By mandating protections against the spoofing of government agencies, DHS will have raised the bar for all malicious actors attacking us.
The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive. The first of those milestones (due on November 15th, 2017) is to create an Agency Plan of Action for BOD 18-01 outlining how the agency would implement the requirements of […]
Approximately 70% (by volume) of all private sector email is protected by DMARC. Unfortunately, the US government has been slow to adopt this crucial email security standard. As of November 2017, only 32% of federal agency domains had published a DMARC policy to comply with the DHS mandate. This leaves government agencies and their constituents vulnerable. Agari’s data shows that 25% of all emails sent from government domains are unauthenticated and potentially malicious. Despite these sobering statistics, there have been early adopters within the government sector who are paving the way and setting an example for those who follow.
If you are in the email business, the big story today is Mailsploit, a collection of email client bugs that threatens to undermine DMARC and render Secure Email Gateways (SEGs) obsolete. In other words, the end of the world is upon us, and we should all go back to using smoke signals or march forward […]
Are you ready for Binding Operational Directive 18-01? On October 16, 2017, the Department of Homeland Security (DHS) issued this directive in order to implement better security protocols on government emails. The DHS BOD 18-01 is a compulsory directive to all federal departments and agencies. Among the measures mandated in BOD 18-01 is a requirement […]