当前位置:网站首页>FDA mail security solution
FDA mail security solution
2022-06-30 02:25:00 【Racent_ Y】
lately , There are many pharmaceutical companies , Customers in the food industry asked how to communicate with FDA Keep email communications secure 、 open , To solve this problem, we must first understand FDA Regulations on mail communication , Then do a good job in e-mail security and compliance , Ensure that the enterprise and FDA Communication security !
since 2018 year 10 month 1 The date of , External entities and FDA Conduct CBER Regulatory communications must be securely encrypted .
So how to achieve and FDA Keep email communication secure and encrypted ?FDA Two solutions were provided at the workshop : One is to use S/MIME certificate , The other is to enable... Based TLS/SSL Security protocol SMTP. Please follow the information Xiaobian of suiruicheng for details .
FDA Mail security solutions
S/MIME Overview of mail security scheme
Want to be with FDA Realize mail secure communication , Optional S/MIME certificate Digitally sign and encrypt e-mail . The sender can choose signing and encryption before sending the message , When FDA The intended recipient decrypts this message using the paired private key . adopt S/MIME The certificate can ensure that the mail will not be peeped and tampered during the whole transmission process , Satisfy FDA Compliance requirements for mail security encryption .
use S/MIME Certificate solution you need to have three conditions :
- One or more email addresses with unique domain name suffixes ;( notes :Comcast.net, Verizon.net, or AOL.com etc. ISP The email address provided by the mailbox service provider cannot be protected . Again , Free email service , Such as Gmail.com、Yahoo.com or ME.com And other e-mail addresses can't be protected .)
- A mailbox client that supports mail encryption certificates , Such as Outlook;
- One by trusted CA Digital certificates issued , namely S/MIME Mail certificate ;
Be careful : at present FDA Officially recommended S/MIME Certificate has Sectigo, Globalsign, Digicert etc. ,S/MIME The certificate shall meet SHA256 And above signature algorithms , Self signed certificates are not supported .
The other thing to say is , a sheet S/MIME Certificates protect only one email address at a time . therefore , From the end user's point of view ,S/MIME The certificate is configured 、 Use and maintenance are a little more complicated , And the reason is that :
- S/MIME Certificates usually need to be renewed annually or every three years . When a new certificate is installed on your mailbox client , Its certificate public key must also be provided to FDA.
- The old certificate must also remain on your client , Easy to decrypt and read previous emails .
- If you need more than one FDA Mailbox for secure communication , You need to get these through the established process FDA The certificate public key corresponding to each mailbox .
- In order to be readable on mobile devices S/MIME Encrypted mail , You also need to install this certificate on the device .
S/MIME Mail security certificate advantages
- Simple installation . You can configure it yourself , install S/MIME certificate , There is no need for the operation of the mail Administrator .
- End to end encryption .S/MIME Certificate solutions enable end-to-end encryption . The mail message is sent from your mailbox client to FDA Of S/MIME The whole process of firewall is encrypted . Besides , Whatever is stored in your mailbox is sent to FDA My email still received FDA Your emails are also securely encrypted . therefore , Even if your email is stolen , E-mail messages are encrypted as well , Others still can't read the content .
- The cost is low . One user uses one S/MIME Mail Security Certificate , The cost of one year only starts from 100 yuan .
Enable TLS/SSL Protect SMTP Program Overview
Make sure you and FDA Another solution for secure communication between e-mails is to install a business class on the mail server or host TLS/SSL certificate , Such as Sectigo, Thawte, Digicert etc. CA certificate , Protect SMTP domain name . The installation configuration only needs to be handled by the mailbox administrator . Using this solution can ensure that your infrastructure ( E.g. mail server ) And FDA Security of data transmitted between 、 encryption , Avoid man in the middle attacks to intercept your messages . This scheme needs to be connected with FDA Complete the necessary tests . Once the installation is successful , Enable SSL The certificate will protect SMTP All email addresses ending with the domain name under the domain name .
Be careful : Do not use self signed certificates or private certificates CA Signature certificate . Besides , Whether it's the internal mailbox system , Both external and managed mailboxes must be deployed SSL certificate , To ensure the security of mail communication .
If it is the internal mail system of the enterprise , Buy from certificate 、 verification 、 Issue 、 Obtaining may require 1-3 Time of day , Then it will take a few hours to complete the certificate configuration installation and testing ( Administrators and FDA Mail testing between secure mail teams ).
If the enterprise mailbox is hosted by a third party , Such as cloud mailbox service , It may take more time to complete the certificate configuration , Because this process needs the coordination and help of a third party .
Mail server SSL Certificate advantages
- Save money and time . After successfully configuring the certificate , Your entire email address is secure . If necessary, contact FDA There are a large number of mailbox users for secure communication , Select mail server certificate ( namely SSL certificate ) It will greatly reduce the certificate purchase cost and configuration time .
- No end user involvement is required . All certificate configuration steps are performed on the mail server , No end user involvement is required . Besides , End users can send mail as usual , No other operation is required , Enterprise mail infrastructure and FDA The data transmitted between will be automatically encrypted .
S/MIME Certificate and mail server SSL Certificate comparison
According to the two solutions described above , You can see their differences , As shown in the figure below .
S/MIME Encryption process and SSL Comparison chart of certificate encryption process
in general ,S/MIME Certificates are harder to maintain . However , It can provide end-to-end encryption , Protect message content from sender's client to FDA S/MIME Firewalls are secure and encrypted , And only these endpoints can decrypt read information . Besides , The encrypted messages saved in the mailbox are still encrypted , Even if the message is stolen , The attacker cannot decrypt .
And use SSL Certificate protection SMTP The configuration process of domain name is simpler , Especially for those who need a lot of email addresses and FDA Communication enterprises . However , It should be noted that MTA( Message transfer agent ) Every jump between needs to be in TLS/SSL Under protection . Besides , This scheme only ensures data security and encryption during transmission , Mail stored in mailbox ( At rest ) Not protected by encryption .
in summary , Enterprises can choose suitable products according to their own needs FDA Mail security solutions . Of course , If you want the perfect solution , You can combine the two , That is, deploy... On the mail server SSL certificate , Ensure that messages are not blocked 、 peep , Then install... On the enterprise employee mailbox client S/MIME The e-mail certificate ensures that the e-mail content is securely encrypted both in the transmission process and in the static state , In this way, it can meet FDA Compliance requirements of , It can also protect you and FDA Mail communication security !
As a leading e-mail security service provider in China , Ruicheng information provides multi brand enterprises S/MIME Mail security certificate and mail server SSL certificate , And can be customized according to your needs FDA S/MIME Email security PKI programme , Realization S/MIME Automatic certificate issuance , Automated Deployment and centralized management .
This article comes from Ruicheng information , Reprint please indicate the original address :https://www.racent.com/blog/fda-email-security-solutions
边栏推荐
- Matlab code running tutorial (how to run the downloaded code)
- How does payment splitting help B2B bulk commodity transactions?
- 五个最便宜的通配符SSL证书品牌
- DHU programming exercise
- vs实现快速替换功能
- Four, forty, fourhundred swatches
- Realization of a springboard machine
- 新考纲下的PMP考试有多难?全面解析
- DDoS attacks - are we really at war?
- DDoS extortion attacks: what you need to know
猜你喜欢
26. common interview questions of algorithm
Can autojs code be encrypted? Yes, display of autojs encryption skills
How to use SMS to deliver service information to customers? The guide is here!
Day_ 19 multithreading Basics
Widget uses setimageviewbitmap method to set bug analysis
SSL证书格式转化的两种方法
希尔排序
Traffic, but no sales? 6 steps to increase website sales
Entering Jiangsu writers and poets carmine Jasmine World Book Day
Merge sort
随机推荐
Recheck on February 15, 2022
dhu编程练习
day33
Jenkins continuous integration environment construction VII (Jenkins parametric construction)
Encapsulate a complete version of the uniapp image and video upload component, which can be used immediately, switch between images and videos, customize the upload button style, delete the button sty
How long is the general term of the bank's financial products?
Realization of a springboard machine
如何制作CSR(Certificate Signing Request)文件?
Le Code autojs peut - il être chiffré? Oui, présentation des techniques de chiffrement autojs
Creating exquisite skills in maker Education
True love forever valentine's Day gifts
DDoS attacks - are we really at war?
直接插入排序
如何预防钓鱼邮件?S/MIME邮件证书来支招
论文回顾:Playful Palette: An Interactive Parametric Color Mixer for Artists
网上炒股安全么?炒股需要开户吗?
什么是自签名证书?自签名SSL证书的优缺点?
冒泡排序
DHU programming exercise
DDoS extortion attacks: what you need to know