FDA mail security solution

lately , There are many pharmaceutical companies , Customers in the food industry asked how to communicate with FDA Keep email communications secure 、 open , To solve this problem, we must first understand FDA Regulations on mail communication , Then do a good job in e-mail security and compliance , Ensure that the enterprise and FDA Communication security ！

since 2018 year 10 month 1 The date of , External entities and FDA Conduct CBER Regulatory communications must be securely encrypted .

So how to achieve and FDA Keep email communication secure and encrypted ？FDA Two solutions were provided at the workshop ： One is to use S/MIME certificate , The other is to enable... Based TLS/SSL Security protocol SMTP. Please follow the information Xiaobian of suiruicheng for details .

FDA Mail security solutions

S/MIME Overview of mail security scheme

Want to be with FDA Realize mail secure communication , Optional S/MIME certificate Digitally sign and encrypt e-mail . The sender can choose signing and encryption before sending the message , When FDA The intended recipient decrypts this message using the paired private key . adopt S/MIME The certificate can ensure that the mail will not be peeped and tampered during the whole transmission process , Satisfy FDA Compliance requirements for mail security encryption .
use S/MIME Certificate solution you need to have three conditions ：

1. One or more email addresses with unique domain name suffixes ;（ notes ：Comcast.net, Verizon.net, or AOL.com etc. ISP The email address provided by the mailbox service provider cannot be protected . Again , Free email service , Such as Gmail.com、Yahoo.com or ME.com And other e-mail addresses can't be protected .）
2. A mailbox client that supports mail encryption certificates , Such as Outlook;
3. One by trusted CA Digital certificates issued , namely S/MIME Mail certificate ;

Be careful ： at present FDA Officially recommended S/MIME Certificate has Sectigo, Globalsign, Digicert etc. ,S/MIME The certificate shall meet SHA256 And above signature algorithms , Self signed certificates are not supported .

The other thing to say is , a sheet S/MIME Certificates protect only one email address at a time . therefore , From the end user's point of view ,S/MIME The certificate is configured 、 Use and maintenance are a little more complicated , And the reason is that ：

• S/MIME Certificates usually need to be renewed annually or every three years . When a new certificate is installed on your mailbox client , Its certificate public key must also be provided to FDA.
• The old certificate must also remain on your client , Easy to decrypt and read previous emails .
• If you need more than one FDA Mailbox for secure communication , You need to get these through the established process FDA The certificate public key corresponding to each mailbox .
• In order to be readable on mobile devices S/MIME Encrypted mail , You also need to install this certificate on the device .

S/MIME Mail security certificate advantages

1. Simple installation . You can configure it yourself , install S/MIME certificate , There is no need for the operation of the mail Administrator .
2. End to end encryption .S/MIME Certificate solutions enable end-to-end encryption . The mail message is sent from your mailbox client to FDA Of S/MIME The whole process of firewall is encrypted . Besides , Whatever is stored in your mailbox is sent to FDA My email still received FDA Your emails are also securely encrypted . therefore , Even if your email is stolen , E-mail messages are encrypted as well , Others still can't read the content .
3. The cost is low . One user uses one S/MIME Mail Security Certificate , The cost of one year only starts from 100 yuan .

Enable TLS/SSL Protect SMTP Program Overview

Make sure you and FDA Another solution for secure communication between e-mails is to install a business class on the mail server or host TLS/SSL certificate , Such as Sectigo, Thawte, Digicert etc. CA certificate , Protect SMTP domain name . The installation configuration only needs to be handled by the mailbox administrator . Using this solution can ensure that your infrastructure （ E.g. mail server ） And FDA Security of data transmitted between 、 encryption , Avoid man in the middle attacks to intercept your messages . This scheme needs to be connected with FDA Complete the necessary tests . Once the installation is successful , Enable SSL The certificate will protect SMTP All email addresses ending with the domain name under the domain name .

Be careful ： Do not use self signed certificates or private certificates CA Signature certificate . Besides , Whether it's the internal mailbox system , Both external and managed mailboxes must be deployed SSL certificate , To ensure the security of mail communication .

If it is the internal mail system of the enterprise , Buy from certificate 、 verification 、 Issue 、 Obtaining may require 1-3 Time of day , Then it will take a few hours to complete the certificate configuration installation and testing （ Administrators and FDA Mail testing between secure mail teams ）.

If the enterprise mailbox is hosted by a third party , Such as cloud mailbox service , It may take more time to complete the certificate configuration , Because this process needs the coordination and help of a third party .

Mail server SSL Certificate advantages

1. Save money and time . After successfully configuring the certificate , Your entire email address is secure . If necessary, contact FDA There are a large number of mailbox users for secure communication , Select mail server certificate （ namely SSL certificate ） It will greatly reduce the certificate purchase cost and configuration time .
2. No end user involvement is required . All certificate configuration steps are performed on the mail server , No end user involvement is required . Besides , End users can send mail as usual , No other operation is required , Enterprise mail infrastructure and FDA The data transmitted between will be automatically encrypted .

S/MIME Certificate and mail server SSL Certificate comparison

According to the two solutions described above , You can see their differences , As shown in the figure below .

S/MIME Encryption process and SSL Comparison chart of certificate encryption process

in general ,S/MIME Certificates are harder to maintain . However , It can provide end-to-end encryption , Protect message content from sender's client to FDA S/MIME Firewalls are secure and encrypted , And only these endpoints can decrypt read information . Besides , The encrypted messages saved in the mailbox are still encrypted , Even if the message is stolen , The attacker cannot decrypt .

And use SSL Certificate protection SMTP The configuration process of domain name is simpler , Especially for those who need a lot of email addresses and FDA Communication enterprises . However , It should be noted that MTA（ Message transfer agent ） Every jump between needs to be in TLS/SSL Under protection . Besides , This scheme only ensures data security and encryption during transmission , Mail stored in mailbox （ At rest ） Not protected by encryption .

in summary , Enterprises can choose suitable products according to their own needs FDA Mail security solutions . Of course , If you want the perfect solution , You can combine the two , That is, deploy... On the mail server SSL certificate , Ensure that messages are not blocked 、 peep , Then install... On the enterprise employee mailbox client S/MIME The e-mail certificate ensures that the e-mail content is securely encrypted both in the transmission process and in the static state , In this way, it can meet FDA Compliance requirements of , It can also protect you and FDA Mail communication security ！

As a leading e-mail security service provider in China , Ruicheng information provides multi brand enterprises S/MIME Mail security certificate and mail server SSL certificate , And can be customized according to your needs FDA S/MIME Email security PKI programme , Realization S/MIME Automatic certificate issuance , Automated Deployment and centralized management .

This article comes from Ruicheng information , Reprint please indicate the original address ：https://www.racent.com/blog/fda-email-security-solutions