NIST Finalizes Revised Guidance on Email Security

email security DMARC

The National Institute of Standards and Technology (NIST) released a finalized revision of SP 800-177, which offers best practices for email security, including DMARC, DNS, and S/MIME.

The new version of the document does not vary much from the framework released in September 2016, but with its implementation, the framework effectively updates the minimum standards for FISMA compliance, per the Office of Management and Budget’s Circular A-119.

Among the minor changes in the revision are the inclusion of third-party email scanning services, third party email malware scanners, primarily for cloud-based email, and recommendations for either DANE or SMTP MTA Strict Transport Security procedures.

Recent