
How to maintain secure encryption of email communication with FDA?

2022-06-23 06:33:00 lavin1614

How do you keep email communication with the FDA secure? First understand the FDA's rules on email communication, then put email security and compliance in place so that communication between your company and the FDA is secure.

Since October 1, 2018, external entities conducting CBER regulatory communications with the FDA must use secure encryption.

So how do you keep email communication with the FDA securely encrypted? The FDA presented two solutions at its workshop: one is to use an S/MIME certificate, the other is to enable SMTP over the TLS/SSL security protocol.

Introduction to the S/MIME email security scheme

To communicate securely with the FDA by email, you can use an S/MIME certificate to digitally sign and encrypt email. The sender chooses signing and encryption before sending the message, and the intended FDA recipient decrypts the message using the paired private key. An S/MIME certificate ensures that the mail cannot be read or tampered with at any point during transmission, which satisfies the FDA's compliance requirements for secure email encryption.

The S/MIME certificate solution has three prerequisites:

1. One or more email addresses with a unique domain name suffix; (Note: email addresses provided by ISPs such as Comcast.net, Verizon.net or AOL.com cannot be protected. Likewise, addresses from free email services such as Gmail.com, Yahoo.com or ME.com cannot be protected.)

2. An email client that supports email encryption certificates, such as Outlook or an encrypted mail client;

3. A digital certificate issued by a trusted CA, i.e. an S/MIME email certificate [1];

Note: the S/MIME certificates currently officially recommended by the FDA include Sectigo, DigiCert and others. The S/MIME certificate must use SHA256 or a stronger signature algorithm; self-signed certificates are not supported.

Also note that one S/MIME certificate protects only one email address. From the end user's point of view, therefore, S/MIME certificates are somewhat more complicated to configure, use and maintain, for the following reasons:

S/MIME certificates usually need to be renewed every year or every three years. When a new certificate is installed in your mail client, its public key must also be provided to the FDA.

The old certificate must also remain on your client so that earlier emails can still be decrypted and read.

If you need to communicate securely with more than one FDA mailbox, you need to obtain the certificate public key for each of those FDA mailboxes through the established process.

To read S/MIME-encrypted mail on a mobile device, you also need to install the certificate on that device.

Advantages of S/MIME email certificates

Simple installation. You can configure and install the S/MIME certificate yourself, without involving the mail administrator.

End-to-end encryption. The S/MIME certificate solution provides end-to-end encryption. The message is encrypted for the whole path from your mail client to the FDA's S/MIME firewall. In addition, messages stored in your mailbox, whether mail you sent to the FDA or mail you received from the FDA, remain encrypted. So even if your mail is stolen, the messages are still encrypted and others cannot read the content.

Low cost. One S/MIME email certificate per user costs from 100 yuan a year.
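A check for the S/MIME option described above, written as an added example that is not part of the original article: it reads the outer MIME type of a message (RFC 8551) and flags mail to a protected domain that is signed only or sent in plaintext. The domain `fda.example`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_state(msg):
    """Classify a message by its outer MIME type:
    'encrypted', 'signed-only', 'unknown' or 'plaintext'."""
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        kind = str(msg.get_param("smime-type") or "").lower()
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"    # a signature, if any, sits inside the envelope
        if kind == "signed-data":
            return "signed-only"  # opaque signature, body is not confidential
        return "unknown"          # smime-type is optional; needs CMS parsing
    if ctype == "multipart/signed":
        if str(msg.get_param("protocol") or "").lower() in PKCS7_SIG:
            return "signed-only"  # clear-signed, body travels in the clear
    return "plaintext"

def needs_encryption(raw, protected_domains):
    """True when a message addressed to a protected domain is not encrypted."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    domains = {addr.rpartition("@")[2].lower() for _, addr in rcpts}
    return bool(domains & set(protected_domains)) and smime_state(msg) != "encrypted"

# Constructed sample messages; fda.example is a placeholder domain.
TEMPLATE = ("From: qa@corp.example\n"
            "To: Reviewer <reviewer@fda.example>\n"
            "Subject: Submission\n"
            "MIME-Version: 1.0\n"
            "Content-Type: {ctype}\n"
            "\n"
            "(constructed placeholder body)\n")
ENCRYPTED = TEMPLATE.format(
    ctype='application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"')
CLEAR_SIGNED = TEMPLATE.format(
    ctype='multipart/signed; protocol="application/pkcs7-signature"; boundary="b"')
PLAIN = TEMPLATE.format(ctype="text/plain; charset=utf-8")

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("signed", CLEAR_SIGNED), ("plain", PLAIN)):
        print(name, needs_encryption(raw, {"fda.example"}))
```

A signed-and-encrypted message looks the same as an encrypted-only one from the outside, so this check confirms confidentiality but not the presence of a signature.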

Introduction to protecting SMTP with TLS/SSL

Another way to secure email between you and the FDA is to install a commercial TLS/SSL certificate from a CA such as Sectigo or DigiCert on the mail server or host to protect the SMTP domain. Installation and configuration are handled by the mail administrator alone. This solution ensures that data transmitted between your infrastructure (e.g. the mail server) and the FDA is secure and encrypted, which prevents man-in-the-middle attacks from intercepting your messages. The setup must go through the necessary tests together with the FDA. Once installed, the SSL certificate protects all email addresses under that SMTP domain.

Note: do not use self-signed certificates or certificates signed by a private CA. In addition, whether the mailbox system is internal, external or hosted, an SSL certificate must be deployed to secure mail communication.

For an in-house enterprise mail system, purchasing, validating, issuing and obtaining the certificate may take 1-3 days, followed by a few hours to complete certificate installation, configuration and testing (mail tests between the administrator and the FDA secure email team).

If the enterprise mailbox is hosted by a third party, such as a cloud mailbox service, certificate configuration may take longer because the process needs the third party's coordination and help.

Advantages of a mail server SSL certificate

Saves money and time. Once the certificate is configured, all of your email addresses are secured. If a large number of mailbox users need to communicate securely with the FDA, choosing a mail server certificate (i.e. an SSL certificate) greatly reduces certificate purchase cost and configuration time.

No end user involvement. All certificate configuration steps are performed on the mail server. End users send mail as usual, with no extra steps, and data transmitted between the enterprise mail infrastructure and the FDA is encrypted automatically.

Comparison of S/MIME certificates and mail server SSL certificates

The differences between the two solutions described above are shown in the figure below.

Figure: comparison of the S/MIME encryption process and the SSL certificate encryption process

Overall, S/MIME certificates are harder to maintain. However, they provide end-to-end encryption: message content is encrypted all the way from the sender's client to the FDA S/MIME firewall, and only these endpoints can decrypt and read it. In addition, encrypted messages saved in the mailbox stay encrypted, so even if a message is stolen, the attacker cannot decrypt it.

Protecting the SMTP domain with an SSL certificate is simpler to configure, especially for companies that need many email addresses to communicate with the FDA. Note, however, that every hop between MTAs (message transfer agents) must be protected by TLS/SSL. Also, this scheme only secures and encrypts data in transit; mail stored in the mailbox (at rest) is not protected by encryption.
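To check the per-hop requirement above on a delivered message, the following added example (not from the original article) reads the `Received` headers and reports which hops recorded a TLS transfer, using the `with` protocol keywords registered in RFC 3848 and RFC 6531. Host names and the sample message are constructed; an MTA that writes a non-standard keyword is reported as unprotected and needs manual review.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used TLS (RFC 3848 and RFC 6531 registrations).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def strip_comments(value):
    """Remove parenthesised comments, including nested ones, from a header value."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return (receiving_host, protocol, used_tls) per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        # Comments such as "(using TLSv1.3 with cipher ...)" contain "with", so drop them first.
        clean = strip_comments(" ".join(header.split())).split(";", 1)[0]
        by = re.search(r"\bby\s+(\S+)", clean)
        proto = re.search(r"\bwith\s+(\S+)", clean)
        protocol = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", protocol, protocol in TLS_PROTOCOLS))
    return hops

def unprotected_hops(raw_message):
    """Hops whose Received header does not record a TLS-protected transfer."""
    return [hop for hop in audit_hops(raw_message) if not hop[2]]

# Constructed sample: two hops, the older one without TLS.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby inbound.corp.example (Postfix) with ESMTPS id 4F2A1
\tfor <qa@corp.example>; Thu, 23 Jun 2022 06:33:05 +0000 (UTC)
Received: from relay.partner.example (relay.partner.example [198.51.100.3])
\tby mx.partner.example (Postfix) with ESMTP id 9C0DE;
\tThu, 23 Jun 2022 06:33:02 +0000 (UTC)
From: sender@partner.example
To: qa@corp.example
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Each `Received` header is written by the server that accepted the message, so only the headers added by servers you operate can be trusted; earlier ones can be forged by an upstream sender.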

In summary, companies can choose the FDA email security solution that suits their needs. For the most complete solution, combine the two: deploy an SSL certificate on the mail server so that messages are not intercepted or read in transit, then install S/MIME email certificates on employees' mail clients so that email content is encrypted both in transit and at rest. This meets the FDA's compliance requirements and protects your email communication with the FDA.

As a leading email security service provider in China, Wotong CA independently developed MeSign, the first free email client that encrypts email fully automatically. The MeSign client automatically applies for and configures the encryption certificate, so encrypted mail can be sent with one click and without tedious steps. It does not change user habits; encryption and decryption are transparent to the user, safe, convenient and easy to use. MeSign follows the international S/MIME standard and uses digital certificates to automatically sign and encrypt every email, ensuring that the sender's identity is trusted and the content is protected end to end, preventing leaks of confidential mail and phishing email impersonation.

Wotong CA also provides multi-brand S/MIME email certificates and mail server SSL certificates, and can tailor an FDA S/MIME email security PKI solution to your needs, with automatic S/MIME certificate issuance, automated deployment and centralized management.

Email certificate purchase guide

1. Open https://my.mesign.com/zh-cn/buy?ptype=trustcert in your browser;

2. For a first purchase, create a login account and password; otherwise sign in with the account and password created earlier;

3. Choose a suitable payment method;

4. In "My orders", find the Global Trust VP email certificate and click "Retrieve certificate";

5. Set the certificate protection password, enter the certificate retrieval code received in the corresponding mailbox, and click Submit;

6. Once the certificate has been retrieved successfully, download the .pfx certificate file.

References

  1. ^ S/MIME email certificate prices. Client digital certificate price list, including PDF document signing certificates, organization client certificates, personal client certificates, email encryption and other quotations: Wotong client digital certificate price list.