CISA draws plans for more secure federal civilian email

The Cybersecurity and Infrastructure Security Agency wants to beef up federal civilian email security with CISA-provisioned threat hunting and incident response efforts, according to a request for information published last week.

CISA, via the General Services Administration, is looking for feedback from industry on a broad set of email security measures, including a contractor-supplied protective email service to strengthen federal network protections.

CISA says part of its goal in exploring a new solution is to further protect federal civilian executive branch email and federal networks from malicious email content, in addition to leveraging its own cyber hunting, prevention, mitigation and incident response operations to strengthen federal networks’ cyber posture.

The service will be cloud-based and apply to nearly four million users and 100 agencies across all federal civilian executive branch email platforms, including on-premises, cloud hosted and hybrid. Its core functional capabilities should feature email attack prevention, scanning and filtering to assist with threat intelligence feeds and data loss prevention, the RFI says.

CISA envisions three basic use cases: in-line active email protection; hunt and incident response with support from CISA's global operators; and management of the protective service by CISA and federal agencies.

The RFI states that CISA will exert some authority over agency email networks. “Agency email service operators and administrators will continue to perform their operational mission,” the RFI states. “They will have access to their agency [protective email service] data and additional policy settings but will not be able to override CISA globally provisioned policies.”

The RFI comes nearly four years after the Department of Homeland Security released a binding operational directive to enhance email and web security by requiring all federal agencies to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols.

While reports indicated some were slow to comply with the 2017 mandate, DHS officials later said they were encouraged by the many domain and email security measures agencies had begun implementing in its wake.

Responses to the RFI are due by Dec. 20. Depending on feedback from industry, GSA and CISA may plan to schedule "a larger conference or meetings" to discuss responses and next steps, according to the RFI.

This article was first posted to FCW.