Forcepoint Trusted Mail System
Exchange Emails and Attachments Securely Across Different Networks
Your users need a better, faster way to access multiple work email accounts — while remaining secure. Trusted Mail System meets that need with a highly secure solution that enables smart policy enforcement.
Secure information sharing and cross-agency collaboration are primary drivers throughout defense, intelligence and civilian agencies today. Combined with the overwhelming need for increased productivity, this puts pressure on your users to be more efficient with email, especially when they must use multiple work-related email accounts on different networks at varying sensitivity levels.
Trusted Mail System is a highly secure Commercial-Off-The-Shelf (COTS) solution that enables policy-enforced exchange of emails and attachments between users on different networks, eliminating the need to switch between email systems at multiple levels.
Trusted Mail System provides a "single inbox" at the highest security level that consolidates email residing on multiple networks, making it less likely that important and mission-sensitive communications will be overlooked. Users are able to read, forward and respond to any email message that they receive regardless of the destination security level, but any emails generated will originate from the security level at which the consolidation resides (normally the highest security level).
Trusted Mail System leverages our widely deployed, accredited and Unified Cross Domain Services Management Office (UCDSMO) Baseline-listed Trusted Gateway System™ as the cross domain guard component. The guard ensures that malicious data is not transferred between networks and that sensitive data is not inadvertently or intentionally leaked.
Features and Benefits:
- Increases user productivity by providing a ‘single inbox’ capability across multiple email domains
- Utilizes proven, US UCDSMO Baseline listed, certified and accredited Trusted Gateway System guard technology for content inspection and security policy enforcement
- Commercial-Off-The-Shelf (COTS) solution
- Leverages our Trusted Gateway System guard technology for content inspection and security policy enforcement
- Exceptional built-in reliable two-person manual review and self-release capabilities (as required by organizational policy)
- Data inspections that include dirty word search, virus scanning, file type verification and deep content inspection
- Supports inspection of email content, attachments, headers and nested messages
- Provides easy administration by integrating with existing email gateways across the enterprise
Intelligence communities, Departments of Defense/ Defence, and Civilian agencies are realizing cost savings and collaboration by moving data to shared networks in the cloud and controlling access to that data based on a user’s identity, role and “need to know.” This move toward common IT architectures and infrastructure is required in order to meet the longer term goal of enabling authorized users to securely access their data, email, and applications from any device anywhere.
Forcepoint’s secure information sharing solutions provide the ability to securely and effectively access multiple virtualized desktops within private clouds or expand their reach by connecting to remote community clouds, while also being able to securely transfer data between them. This secure connectivity fosters heightened information sharing within and between agencies and coalition partners.
Trusted Mail System addresses the specific need for the secure transfer of email and attachments between multiple security levels and different networks.
Trusted Gateway System
Trusted Mail System is a Commercial-Off-The-Shelf (COTS) highly secure solution that enables the policyenforced exchange of emails and attachments between users on different networks eliminating the need to switch between email systems at multiple levels. Trusted Mail System provides a “single inbox” that consolidates email residing on various networks at the highest level, making it less likely that important and mission-sensitive email communications are overlooked. Users are able to read, forward, and respond to any email message that they receive regardless of the security level, but any emails generated will originate from the security level at which the single inbox resides (normally the highest security level). Email messages received from different security levels can be color coded within Microsoft Outlook using a set of simple client-based rules.
Trusted Mail System leverages the widely deployed, accredited and US Unified Cross Domain Services Management Office (UCDSMO) Baseline listed Trusted Gateway System™ as the secure transfer guard component. Trusted Gateway System ensures that malicious data is not transferred between networks and that sensitive data is not inadvertently or intentionally leaked. With Trusted Mail System, the guard inspects and sanitizes all email content, including messages, headers and attachments.
In addition to the Trusted Gateway System transfer guard, Trusted Mail System includes specialized adapters, residing within each security domain. These adapters are responsible for receiving email destined for a different domain, and consolidating that into a package which is then submitted to the guard for review. The adapters perform pre-screening on all email content prior to submitting the package to the guard, to enforce controls on attachment size and type, and number of attachments, as well as blocking emails from configured lists of senders and recipients (blacklists). This pre-screening process is also used to obfuscate selected header fields (names, email addresses, and IP addresses) and remove potential vulnerabilities in email headers.
Trusted Gateway System performs deep content inspection filtering of email messages, attachments and nested content (including multi-part MIME) which includes:
- File type identification
- Virus scanning
- Dirty word search
- Analysis of Microsoft Office documents via Purifile
- PDF transformation and sanitization
- Image transformation
Trusted Mail System ensures that status and error message information from the recipient’s domain are correlated to the original email sent from the sender’s domain. This is especially helpful for Administrators when troubleshooting email errors. For additional security, Trusted Mail System provides complete end-to-end auditing of all events through the system for comprehensive security monitoring and postevent forensics.
Ease of Administration
Trusted Mail System provides seamless interoperability with existing IT and email infrastructures. Trusted Mail System supports common email clients such as, but not limited to, Outlook, Thunderbird, and Eudora. Minimal user configuration is required for easy integration into the enterprise environment. Users continue to send and receive email without any disruption to their normal email activity so no additional training is required. Administrators can easily export audit and log data to be correlated and managed by external management systems. System error notifications are integrated with legacy network management tools to provide Administrators a consolidated view.
Communications between the inbound adapter and the guard is encrypted using transport layer security (TLS) and authenticated using either username/password or certificates. The communication between the guard and the output adapter is encrypted using Secure File Transfer Program (SFTP) with username/ password authentication. Individual user access to the mail adapters can be restricted using a configurable list of email addresses on the inbound adapter.
The configurable list can be used to enforce an inclusive set of users (i.e., those allowed to send), or an exclusive list of users (i.e., those restricted from sending).
Certification and Accreditation (C&A)
Trusted Mail System utilizes the certified and accredited Trusted Gateway System as the transfer guard between email adapters to provide a secure boundary between different classification levels. Trusted Gateway System is on the US UCDSMO Baseline list of approved cross domain solutions and is widely deployed in operational systems around the world. Trusted Gateway System is engineered to satisfy cross domain security requirements for the Top Secret/SCI and Below Interoperability (TSABI) and Secret and Below Interoperability (SABI) certification and accreditation processes.
Trusted Mail System enables secure, policy-enforced exchange of email and attachments between users on different networks allowing use of a single inbox for all email activity. The ability to use a single inbox increases productivity for those who require access to multiple email clients residing on different networks at varying classification levels. Utilizing the US UCDSMO Baseline listed Trusted Gateway System as the cross domain guard ensures that users can securely exchange email between multiple email systems without the risk of transferring malicious data or unintentionally transferring sensitive data.
Forcepoint secure information sharing solutions are designed to enable secure access and transfer of sensitive information for government, intelligence community, civilian, and corporate entities in the US and around the globe, including 5 Eyes nations and NATO member countries. Forcepoint’s secure information sharing solutions continue to strike the right balance between information protection and information sharing – a vital component to enterprise security.
Trusted Mail System Architecture
Download the Forcepoint Trusted Mail System Datasheet (.PDF)