CISA mulls plan to safeguard federal civilian email

According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats to federal civilian executive branch email systems and networks.


The Cybersecurity and Infrastructure Security Agency (CISA) is seeking to ramp up threat hunting and incident response efforts to improve federal civilian email security capabilities, according to a request for information published last week.

CISA, via the General Services Administration, is looking for feedback from industry on a broad set of email security measures, including a contractor-supplied protective email service to strengthen federal network protections.

CISA says part of its goal in exploring a new solution is to further protect federal civilian executive branch email and federal networks from malicious email content, in addition to leveraging its own cyber hunting, prevention, mitigation and incident response operations to strengthen federal networks’ cyber posture.

The service will be cloud-based and apply to nearly four million users and 100 agencies across all federal civilian executive branch email platforms, including on-premises, cloud-hosted and hybrid. Its core functions should include email attack prevention, scanning and filtering to assist with threat intelligence feeds and data loss prevention, the RFI says.

CISA envisions three basic use cases: in-line active email protection, hunt and incident response with support from CISA's global operators, and management of the protective service by CISA and federal agencies.

The RFI states that CISA will exert some authority over agency email networks. “Agency email service operators and administrators will continue to perform their operational mission,” the RFI states. “They will have access to their agency [protective email service] data and additional policy settings but will not be able to override CISA globally provisioned policies.”

The RFI comes nearly four years after the Department of Homeland Security (DHS) released a binding operational directive to enhance email and web security by requiring all federal agencies to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols.

While reports indicated some were slow to comply with the 2017 mandate, DHS officials later said they were encouraged by the many domain and email security measures agencies had begun implementing in its wake.

Responses to the RFI are due by December 20. Depending on feedback from industry, GSA and CISA may plan to schedule "a larger conference or meetings" to discuss responses and next steps, according to the RFI.