LuxSci, a Boston-based Secure Messaging provider, is prepared to help agencies meet the Zero Trust and email security requirements outlined in the Office of Management and Budget’s new draft on Federal Zero Trust Guidance.
Many cybersecurity and IT professionals are familiar with the basic tenets of Zero Trust, but despite the major implications for email security, they are unfamiliar with MTA STS encryption specifications.
The draft guidance states: “CISA will work with FedRAMP to evaluate MTA STS as a viable government-wide solution for encrypted email and to make resulting recommendations to OMB.”
LuxSci was an early advocate for SMTP MTA STS as a way to increase the security of encrypted email transmissions. In 2018, MTA STS support was added to LuxSci’s email security platform and to its free and publicly available TLS checker so organizations can check the configurations of mail servers before sending possibly insecure emails.
“Enforcing SMTP MTA STS represents a raising of the bar for email encryption standards,” said Erik Kangas, PhD, Founder and CEO of LuxSci. “CISA’s evaluation has the potential to drastically change how the industry thinks about email security. LuxSci has long promoted MTA STS and is ready to assist any organization seeking to implement improvements to email transmission security.”
SMTP MTA STS is an “add-on” technology which, when supported by both senders and recipients, significantly improves the security of TLS encryption when transmitting email messages across the Internet. MTA STS represents the next level of security by enforcing the use of modern encryption ciphers and preventing most man-in-the-middle attacks.
LuxSci recently conducted a “State of the Industry” analysis of recipient TLS security and MTA STS support across a vast number of email domains. The analysis found that while 85% of email domains support all of the security settings needed for MTA STS, only 0.03% of domains have MTA STS enabled and enforced. By providing guidance that encourages the use of MTA STS, the federal government will encourage industries to make major strides towards securing sensitive email communications.
As a leader in email security, LuxSci strongly supports the enabling and enforcement of MTA STS. LuxSci created a “Forced TLS” service to automatically check all of the MX records for a domain to ensure they are configured according to best practices for strong SMTP TLS, including use of TLS 1.2+ and NIST-recommended ciphers. When a domain does not have a secure enough TLS configuration, emails should not be sent to that domain with only TLS to protect it (at LuxSci, such emails are automatically sent using other secure delivery methods). This prevents insecure email delivery due to server misconfiguration or protocol downgrades.
For more such updates follow us on Google News ITsecuritywire News