When it comes to industry regulations like ITAR and DFARS, the need for Secure Messaging is at the forefront of reaching and maintaining compliance. For the layman, Secure Messaging relies on a server-based approach that utilizes encryption standards. When a file or email is encrypted, it can only be read by someone who has the cryptographic key.
With end-to-end protection, the sender should also be equipped with a certificate that ensures that the public key used belongs to the sender. This not only keeps e-mails safe from hackers, cyber-spies, and internal threats, but also provides proof of identity for those sending the e-mails.
Part of ITAR compliance entails that all phases of data transfer must be secure, including sending, routing, and receiving. Under ITAR, end-to-end encryption requires “uninterrupted cryptographic protection of data between an originator and an intended recipient, including between an individual and himself or herself.” Also, the “means to access the data in unencrypted form is not given to any third party, including to any Internet service provider, application service provider or cloud service provider.” Through Secure Messaging features, the cloud data is never decrypted or re-encrypted before the recipient accesses the data.
With the RegDOX Secure Data Room Solution, Secure Messaging is built within the data room platform to keep users compliant through an X.509 certificate which includes:
- Version – which X.509 version applies to the certificate (which indicates what data the certificate must include)
- Serial number – the entity creating the certificate must assign it a serial number that distinguishes it from other certificates
- Algorithm information – the algorithm used by the issuer to sign the certificate
- Issuer distinguished name – the name of the entity issuing the certificate (usually a certificate authority)
- Validity period of the certificate – start/end date and time
- Subject distinguished name – the name of the identity the certificate is issued to
- Subject public key information – the public key associated with the identity
These features sufficiently provide proof of authentication. By using end-to-end encryption together with the X.509 certificate within the Data Room, users of the data room can maintain compliance through a fully customizable, easy-to-use interface.
Here is a screenshot of what users receive in their inbox – they won’t receive the content of the message itself but a note saying “A message is awaiting you in a Secure Data Room”.
About RegDOX Solutions Inc.
Operating since 2007, RegDOX Solutions Inc. is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® offers compliance options for the transference and storage of ITAR, DFARS, EAR, HIPAA, and Corporate technical data within the cloud through highly intuitive, feature-rich virtual data room solutions. In addition, RegDOX offers DFARS assessment services for contractors and subcontractors of the DoD.