Email is a critical component of military operations. However, it can also be vulnerable to cybersecurity threats. As such, the DoD has developed rigorous email access policies to ensure that sensitive information is protected. Defense contractors must demonstrate compliance with these policies to work with the DoD. This includes completing cybersecurity awareness training, protecting federal contract information (FCI), and maintaining secure email communications with DoD staff members.
Defense Information Systems Agency (DISA) has created an email system that is secure, scalable, and cost-effective. Known as Enterprise Email, the system is designed to handle millions of messages each day without disrupting mission-critical operations. The system is also flexible and able to quickly deploy security enhancements. For example, a new URL reputation-based scoring capability was recently added. This feature helps MMI to identify and block emails containing inappropriate content.
A secure email solution must meet DoD’s sensitivity requirements and be compatible with military platforms. In addition, the service must be able to protect emails and attachments from being compromised or viewed by unauthorized users. IdenTrust ECA certificates are a great way to meet these requirements. They can be used for both email signing and encryption.
The Army has a tough job ahead of it. It’s already had multiple IT modernization missteps, including a troubled tuition assistance platform and delays with its new Integrated Personnel and Pay System for the regular Army, Guard, and Reserve.
Are Military Emails Encrypted?
In general, military personnel must use official government email accounts for work-related communication. However, in some cases, they may be permitted to use personal email accounts for certain communications as long as they follow strict security protocols. Military email addresses are typically formatted with the sender’s first and last names followed by the appropriate department domain. These emails often include attachments, such as documents, images, or videos, that support the message. In addition, military email communications are encrypted to prevent unauthorized access.
In addition to encrypting all messages, the Military also ensures that its email system is secured through firewalls and other security measures. These policies are designed to protect all military personnel and their families, both in the US and abroad.
While email is a great way to stay in touch with family and friends, military personnel must be cautious when sending personal emails. This is especially true when communicating with children. All emails sent by military personnel must be approved by a supervisor or chain of command.
While Military takes your privacy seriously, it reserves the right to disclose personal information if required by law or in the good faith belief that such disclosure is necessary to:
- Conform to legal requirements or comply with legal processes, protect the rights or property of Military, its affiliated companies, or others.
- Prevent a crime or protect national security.
- Protect the personal safety of users or the public.
What is the DOD Standard for Encryption?
The Department of Defense is looking for robust encryption standards to ensure that its sensitive data systems are impenetrable by cyberattackers. “We need to ensure that our data systems remain secure and that adversaries are unable to steal our critical information,” Defense Undersecretary for Research and Development Lt. Gen. Alan Lettre said in remarks at a congressional hearing in November. The DoD is particularly concerned about terrorist actors using technology innovation, including ubiquitous encryption, to hurt Americans.
In addition to CMMC email communication and storage protocols, DoD contractors must ensure that their hard drives, computers, and other devices storing or transmitting CUI are encrypted. This includes cloud storage systems, such as Amazon Web Services and Microsoft Azure, in-house databases and file-sharing systems. Encryption makes the data unreadable without the decryption key, so attackers can’t access or use it.
Charles IT can help you secure your servers, hard drives, and mobile devices with endpoint encryption that meets CMMC requirements and protects your CUI from hackers. This service is a part of our CMMC compliance offerings, including backup and disaster recovery, dark web monitoring, external vulnerability scanning, and security awareness training. Contact us today to learn more about our CMMC services and how we can help you achieve compliance with DoD CMMC regulations.
What Are the Navy Email Regulations?
An email sent by the Navy’s legal arm reminded personnel not to use personal emails for official business, citing Pentagon policy. The memo, from the commander of the Naval Legal Service Command, cited various Department of Defense and government-wide laws and directives to remind Navy employees that it is inappropriate to communicate with other service members using non-official accounts. The commander also urged them to not transmit classified information using personal emails or other electronic communications.
NMCI and DTS users must have separate CACs for each function, and email addresses must be unique within each CAC. It is also mandatory to encrypt and digitally sign all emails containing Personally Identifiable Information (PII). In addition, the email header and attachment file name must include the marking “CUI”, and the first page of the attachment must contain a CUI indicator block.
For DTS, the Navy rules for Permissions and Accesses governs all permission levels, access, indicators, and system placement (i.e., insertion into a routing list) assigned to an individual’s DTS profile. To request a change to these settings, contact the MAJCOM LDTA or Navy DTS PMO.
NMCI users must log in at least every 30 days, or their account will be deactivated. It is recommended to utilize NMCI Outlook Web Access or OWA when possible to meet this requirement. In addition, DTS users must be logged in at least once a month to avoid deactivating their accounts.