csrc.nist.gov
2600:1f18:268d:1d01:f609:5e91:8a48:f546  Public Scan

Submitted URL: https://csrc.nist.gov/publications/detail/sp/800-177/rev-1/final
Effective URL: https://csrc.nist.gov/pubs/sp/800/177/r1/final
Submission: On October 14 via api from PH — Scanned from DE

Form analysis 2 forms found in the DOM

Name: site-searchGET /search

<form name="site-search" id="site-search-form" action="/search" method="GET">
  <label for="search-csrc-query" class="element-invisible">Search</label>
  <input autocomplete="off" class="form-control" id="search-csrc-query" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC">
  <input type="hidden" name="ipp" value="25">
  <input type="hidden" name="sortBy" value="relevance">
  <input type="hidden" name="showOnly" value="publications,projects,news,events,presentations,glossary,topics">
  <input type="hidden" name="topicsMatch" value="ANY">
  <input type="hidden" name="status" value="Final,Draft">
  <button type="submit" id="search-csrc-submit-btn" class="form-submit">
    <span class="element-invisible">Search</span>
    <i class="fa fa-search"></i>
  </button>
</form>

Name: site-search-mobileGET /search

<form name="site-search-mobile" id="site-search-form-mobile" action="/search" method="GET">
  <label for="search-csrc-query-mobile" class="element-invisible">Search</label>
  <input autocomplete="off" class="form-control" id="search-csrc-query-mobile" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC">
  <button type="submit" id="search-csrc-submit-btn-mobile" class="form-submit">
    <span class="element-invisible">Search</span>
    <i class="fa fa-search"></i>
  </button>
</form>

Text Content

Information Technology Laboratory
Computer Security Resource Center

Publications


NIST SP 800-177 REV. 1


TRUSTWORTHY EMAIL

Date Published: February 2019


Supersedes: SP 800-177 (09/07/2016)


AUTHOR(S)

Scott Rose (NIST), Stephen Nightingale (NIST), Simson Garfinkel (U.S. Census
Bureau), Ramaswamy Chandramouli (NIST)

ABSTRACT

This document gives recommendations and guidelines for enhancing trust in email.
The primary audience includes enterprise email administrators, information
security specialists and network managers. This guideline applies to federal IT
systems and will also be useful for small or medium sized organizations.
Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP)
and the Domain Name System (DNS) include mechanisms for authenticating a sending
domain: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and
Domain based Message Authentication, Reporting and Conformance (DMARC).
Recommendations for email transmission security include Transport Layer Security
(TLS) and associated certificate authentication protocols. Recommendations for
email content security include the encryption and authentication of message
content using S/MIME (Secure/Multipurpose Internet Mail Extensions) and
associated certificate and key distribution protocols.

KEYWORDS

Simple Mail Transfer Protocol (SMTP); Transport Layer Security (TLS); Sender
Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain based Message
Authentication, Reporting and Conformance (DMARC); Domain Name System (DNS)
Authentication of Named Entities (DANE); Email; S/MIME

CONTROL FAMILIES

None selected

DOCUMENTATION

Publication:
https://doi.org/10.6028/NIST.SP.800-177r1


Supplemental Material:
High Assurance Domains project


Related NIST Publications:
SP 800-45 Version 2


Document History:
09/13/17: SP 800-177 Rev. 1 (Draft)
12/15/17: SP 800-177 Rev. 1 (Draft)
02/26/19: SP 800-177 Rev. 1 (Final)


TOPICS

Security and Privacy

general security & privacy, trustworthiness

Technologies

email

Applications

communications & wireless

