After suffering several security breaches over the past few years, the US government will finally require federal agencies to implement basic email security measures. According to Reuters, Homeland Security's deputy undersecretary for cybersecurity Jeanette Manfra has revealed at an event in New York that the agency will soon require other federal agencies to adopt DMARC and STARTTLS. DMARC helps detect and block spoofed emails to prevent impersonation of government officials. STARTTLS prevents emails from being intercepted en route to the recipient. Both are at least a decade old and have already been widely adopted by email providers like Google and Microsoft.
Manfra said Homeland Security will issue a binding directive soon, after which agencies will have 90 days to implement the new requirements. Democratic Senator Ron Wyden has been trying to convince agencies to begin implementing the standards since earlier this year. See, the problem is that some government offices already use at least one of those two security measures, while others don't. In fact, the Pentagon has only started using STARTTLS to protect the military's mail.mil email accounts in July. The directive will ensure all agencies are protected by both -- as they say, better late than never.