Encryption and digital signatures are tools we use to maintain the confidentiality, authentication, and integrity of this information. Much of the information we send across our networks requires protection. The final example explains why you must insert your CAC when using a multi-function device or digital sender to scan a document to e-mail you are, in fact, sending an e-mail with an attachment, which requires a digital signature. Digital signatures also provide non-repudiation, which means the sender cannot deny sending the message, since it contains their digital signature.Įxamples of when digital signatures should be used include messages containing formal direction to government employees or contractors stipulating an Air Force official position committing to, authorizing, or denying the use of funds or containing an embedded hyperlink and/or attachment. They confirm the message comes from the sender who signed the message, and that it has not been altered at any point during transmission. You should report the breach of other information types to the applicable authority, such as the organization IAO, Security Manager, or supervisory chain.ĭigital signatures verify the authenticity and integrity of messages. The discovery that PII has been sent unencrypted must be reported to the organization Privacy Manager, who will process the report according to the Air force Privacy and Civil Liberties Program. You must immediately report the unencrypted transmission of information requiring encryption. Otherwise, the sender may need to find an alternate means of delivery, such as FAX, the postal system, or a delivery or courier service. Possible solutions include retrieving the recipient's public key from the DoD Global Directory Service (GDS) or having the recipient send a digitally signed message, which would include their public key. The global address list (GAL) may not contain the recipient's key, or the recipient may not have a GAL listing at all. One issue you may encounter when trying to send an encrypted message is that you may not have the recipient's public key.
Doing so constitutes a classified messaging incident (CMI), which results in lost man-hours, labor costs, and possible disciplinary action against the violator. You should know e-mail encryption does NOT enable you to send classified information over unclassified systems. Banner tags should be placed at the start of messages, rather than at the end, so they are not easily overlooked. Markings must be placed in message subject lines, at the message top and bottom, and at the start of paragraphs, etc., as necessary. In addition to using encryption, you must properly mark messages containing information requiring protection.
#Email signature examples 2014 registration
Examples of PII are social security numbers (SSNs), alien registration numbers, biometric identifiers, and financial account numbers. Information requiring encryption includes, but is not limited to, Controlled Unclassified Information (CUI), For Official Use Only (FOUO), Personally Identifiable Information (PII), Health Insurance Portability and Accountability Act (HIPAA), Privacy Act (PA), proprietary, and contracting data. When you encrypt an email message using the recipient's public key, the message can only be decrypted by the recipient's private key, which resides in their common access card (CAC). You must be familiar with using encryption and digital signatures, the types of information requiring protection, and possible issues they may run into with these services.Įncryption protects information confidentiality by ensuring nobody except the intended recipient can read it.
We use these tools to preserve the confidentiality, authenticity, and integrity of information sent across the network, such as through e-mail. WRIGHT PATTERSON AIR FORCE BASE, Ohio - During the WPAFB Command Cyber Readiness Inspection (CCRI) (8~), DISA inspectors may ask you about encrypting and digitally signing email messages.