X-Protective-Marking suggestions for OFFICIAL:Sensitive differ from EPMS - Githubissues

ASD-Blueprint / ASD-Blueprint-for-Secure-Cloud

Website for ASD's Blueprint for Secure Cloud

Other

65 stars 21 forks source link

X-Protective-Marking suggestions for OFFICIAL:Sensitive differ from EPMS #29

Open JamesGreenhalgh opened 3 months ago

JamesGreenhalgh commented 3 months ago

Hi,

I'm referring to the "add-pspf-x-header-and-subject-marking" page: https://blueprint.asd.gov.au/configuration/purview/data-loss-prevention/policies/add-pspf-x-header-and-subject-marking/

There are several sections recommending putting "SEC=OFFICIAL-Sensitive" in the email headers. For example:

However, this differs from 2018.6 (referenced in the header itself: Source: https://www.protectivesecurity.gov.au/system/files/2024-02/annex-f-policy-8-classification-system.pdf)

Properly secured email systems should reject these emails as the headers are considered malformed and do not match the EPMS document.

Ange797 commented 2 months ago

Hi @JamesGreenhalgh Thanks for reaching out and providing feedback on ASD's Blueprint for Secure Cloud.
We've added it to our list of fixes/updates for consideration and correction in an upcoming release of the Blueprint. Please continue to reach out if you have any further feedback or enquiries.