A tutorial on FedRAMP and DHS BOD 18-01 email protection


I keep talking about FedRAMP certification. FedRAMP stands for Federal Risk and Authorization Management Program, and determines whether or not cloud products and services are SECURE ENOUGH TO BE USED BY FEDERAL AGENCIES. In other words, do they comply with federal security rules? Compliance would be good news. The bad news: DOD and NSA exceptions make this a joke.

There is also Department of Homeland Security (DHS) BOD 18-01. BOD stands for "Binding Operational Directive," and this one directs Federal agencies to adopt the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. The deadline for compliance was October 16, 2018. Yeah, right. "Binding" is kind of a laugh, given lax compliance.

So I'll keep harping on DMARC enforcement for your email phishing/spoofing/impersonation protection. Pay attention, unless of course you want to be a data breach headline.

Mad Max



#dmarc #fedramp #dhs #bod18-01 #enforcement #databreach
