Skip to Content

Notice

National Protection and Programs Directorate; Notification of Issuance of Binding Operational Directive 18-01

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

National Protection and Programs Directorate, DHS.

ACTION:

Issuance of a binding operational directive; notice of availability.

SUMMARY:

To safeguard Federal information and information systems, DHS has issued a binding operational directive (BOD) to all Federal, executive branch departments and agencies relating to enhanced email and web security. The BOD requires agencies to take specific actions on their information systems to improve email and web security. DHS is publishing this notice of availability to provide awareness of the BOD.

DATES:

Binding Operational Directive 18-01 was issued on October 16, 2017.

ADDRESSES:

The text of Binding Operational Directive 18-01 is available at https://cyber.dhs.gov. Submit any inquiries about this notice of availability to BOD.Feedback@hq.dhs.gov.

End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

The Department of Homeland Security (“DHS” or “the Department”) has the statutory responsibility, in consultation with the Office of Management and Budget, to administer the implementation of agency information security policies and practices for information systems, which includes assisting agencies and providing certain government-wide protections. 44 U.S.C. 3553(b). As part of that responsibility, the Department is authorized to “develop[] and oversee[] the implementation of binding operational directives to agencies to implement the policies, principles, standards, and guidance developed by the Director [of the Office of Management and Budget] and [certain] requirements of [the Federal Information Security Modernization Act of 2014.]” 44 U.S.C. 3553(b)(2). A BOD is “a compulsory direction to an agency that (A) is for purposes of safeguarding Federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk; [and] (B) [is] in accordance with policies, principles, standards, and guidelines issued by the Director[.]” 44 U.S.C. 3552(b)(1). Agencies are required to comply with these directives. 44 U.S.C. 3554(a)(1)(B)(ii).

Overview of BOD 18-01

In carrying out this statutory responsibility, the Department issued BOD 18-01, titled “Enhance Email and Web Security.” For email security, the BOD requires agencies to take specific technical actions to ensure that agency email can be encrypted in transit and is more difficult to spoof. For web security, the BOD requires agencies to take specific technical actions to ensure publicly accessible Federal Web sites and services are provided through secure connections. Across both topics, the BOD requires that agencies disable and discontinue use of certain, vulnerable ciphers and Secure Socket Layer configurations.

Start Signature

Jeanette Manfra,

Assistant Secretary, Office of Cybersecurity and Communications, Department of Homeland Security.

End Signature End Supplemental Information

[FR Doc. 2017-23317 Filed 10-25-17; 8:45 am]

BILLING CODE 9110-9P-P