RFC NIST Trustworthy Email

SP 800-177 Rev. 1 (DRAFT)

Trustworthy Email (2nd Draft)

  

    Documentation     Topics

Date Published: December 2017
Comments Due: January 31, 2018
Email Comments to: sp800-177@nist.gov

Author(s)

Scott Rose (NIST), Stephen Nightingale (NIST), Simson Garfinkel (U.S. Census Bureau), Ramaswamy Chandramouli (NIST)

Announcement

Draft NIST Special Publication 800-177 Revision 1, Trustworthy Email, covers and gives recommendations for state of the art email security technologies to detect and prevent phishing and other malicious email messages. The guide was written for email administrators and for those developing security policies for an enterprise email infrastructure.

This second comment period for Revision 1 is to allow for comments on a newly included security recommendation dealing with mail confidentiality. This revision also includes more text on new email security protocols currently undergoing specification and finalization as IETF Draft Standards. Reviewers should pay particular attention to Sections 5.2 and 7.3, which has newly added material.

Abstract

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will also be useful for small or medium sized organi... See full abstract

Keywords

Email; Simple Mail Transfer Protocol (SMTP); Transport Layer Security (TLS); Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain based Message Authentication, Reporting and Conformance (DMARC); Domain Name System (DNS) Authentication of Named Entities (DANE); S/MIME;

Control Families

None selected

DOCUMENTATION

Publication:
 Draft (2nd) SP 800-177 Rev. 1

Supplemental Material:
 Comment template (xls)

Related NIST Publications:
SP 800-45 Version 2