Communications Security

Organisational mails

Description Applications that communicate to end-users do so from an organisational domain and organisational email account. Specification All emails from organisational applications should be clearly recognisable as official by using...

Warnings on external communication

Description Communication coming from outside the organisation needs to be clearly distinguishable from internal communication with warnings that the originating party is from outside the organisation. This includes electronic messages...

Technical email security

Description IT components send emails to end-users using an email address ending in a top-level domain for which the organisation is legally responsible. Mailservers take measures to prevent the reception...

Email forwarding

Description Automatic forwarding of email to external addresses is denied-by-default. Specification Information does not automatically leave the organisation. If the individual has a legitimate organisational need to be reached after...

Encrypted connections

Description All data in transit is transferred over encrypted connections, using the encrypted versions of protocols or encapsulation of plaintext protocols over encrypted connections. Specification For TLS based protocols including...