
NIST SP 800-177 (Initial Public Draft)

Trustworthy Email

Date Published: March 2016
Comments Due: April 29, 2016 (public comment period is CLOSED)
Email Questions to: SP800-177@nist.gov

Author(s)

Scott Rose (NIST), Stephen Nightingale (NIST), Simson Garfinkel (NIST), Ramaswamy Chandramouli (NIST)

Announcement

NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complementary guide to NIST SP 800-45, Guidelines on Electronic Mail Security, and covers protocol security technologies to secure email transactions. This draft guide includes recommendations for the deployment of domain-based authentication protocols for email as well as end-to-end cryptographic protection for email contents. Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS) include mechanisms for authenticating a sending domain (Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC)). Email content security is facilitated through encryption and authentication of message content using S/MIME and/or Transport Layer Security (TLS) with SMTP. This guide is written for federal agency email administrators, information security specialists and network managers, but contains general recommendations for all enterprise email administrators.

Abstract

Keywords

Simple Mail Transfer Protocol (SMTP); Transport Layer Security (TLS); Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain based Message Authentication, Reporting and Conformance (DMARC); Domain Name System (DNS) Authentication of Named Entities (DANE); S/MIME; email; OpenPGP

Control Families

System and Communications Protection

Documentation

Publication:
Second Draft SP 800-177 (pdf)

Supplemental Material:
Comment Template (xlsx)
First Draft SP 800-177 (pdf)

Document History:
03/30/16: SP 800-177 (Draft)
09/07/16: SP 800-177 (Final)