Date Published: February 2007
Supersedes: SP 800-45 (September 2002)
Author(s)
Miles Tracy (Federal Reserve Information Technology), Wayne Jansen (NIST), Karen Scarfone (NIST), Jason Butterfield (BAH)
This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing, implementing, and operating email systems on public and private networks. It contains information on popular email encryption standards and other standards relating to email. It presents general information on securing mail servers' operating systems and specific guidance on securing mail server applications, protecting messages traversing servers, and securing access to mailboxes. It also provides information regarding email client security and mail server administration.
This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing, implementing, and operating email systems on...
See full abstract
This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing, implementing, and operating email systems on public and private networks. It contains information on popular email encryption standards and other standards relating to email. It presents general information on securing mail servers' operating systems and specific guidance on securing mail server applications, protecting messages traversing servers, and securing access to mailboxes. It also provides information regarding email client security and mail server administration.
Hide full abstract
Keywords
email; electronic mail; FISMA
Control Families
Access Control;
Audit and Accountability;
Configuration Management;
Contingency Planning;
Identification and Authentication;
Planning;
Risk Assessment;
System and Communications Protection;
System and Information Integrity;