Welcome Visitor: Login/Register

CoCo Compliance, GC Mail and janusSEAL

Simple compliance with real benefits for users

UK flagLocal Authorities in the United Kingdom (UK) can connect to the Government Connect Secure Extranet (GCSX) provided that have achieved Code of Connection (CoCo) compliance.

There are many aspects to CoCo compliance but several of the technical requirements are quickly and easily achieved using products in the janusSEAL suite.

A janusSEAL solution allows Local Authoritities to apply the UK's Government Protective Marking System, comply with relevant parts of the CoCo requirements, and simplify staff's use of the GC Mail system of the GCSX network.

 

What are Protective Markings and why are they useful?

SECRET stampA Protective Marking, as the name implies, is a marking on a document or piece of information which identifies the confidentiality requirements of the information. It also conveys those protective requirements to all those who handle it. Protective markings are also known as security classification labels.

It is the ease with which other people and (in the electronic information space) other IT systems can interpret and understand the protective marking that shows their benefit.

 

Her Majesty's Government mandates use of Protective Markings on information assets

The use of protective markings in the UK government is defined in Her Majesty's Government Security Policy Framework (SPF) in which it is mandated that "Departments and Agencies must apply the [Government] Protective Marking System...".

See this page for more information on janusSEAL solutions for complying with the protective marking requirements of Her Majesty's Government Security Policy Framework.

 

Local Authorities connecting to GCSx must place protective markings on e-mail messages

Government ConnectThe Government Connect programme provides a secure government network between central government and Local Authorities (LAs) in England and Wales. The Government Connect Secure Extranet (GCSX) enables connectivity at the RESTRICTED level to the majority of central departments and many other public sector organisations and some commercial organisations.

The Code of Connection (CoCo) is a list of security requirements with which all LAs must comply before they can connect to GCSX. CoCo security requirements which pertain to protective markings include:

  • "Employees of the organisation who handle information carrying a protective marking of RESTRICTED MUST be made of aware of the impact of loss of such material and the actions to take in the event of any loss."
  • "Audit logs recording user activities, exceptions and information security events MUST be produced to assist in future investigations and access control monitoring."
  • "E-mail MUST not be automatically forwarded to a lower classification domain."
  • "The mail client or user SHOULD add a warning to each e-mail to the effect that all communications sent to or from their organisations may be subject to recording and/or monitoring in accordance with relevant legislation."
  • "The mail client or user MUST add security labels to each email that carries a protective marking of PROTECT or higher."

 

What is the GC Mail system of the GCSX?

GC Mail is a secure email system that uses the GCSX as the network over which more sensitive information can be exchanged via email between Local Authorities, and with central government departments and agencies.

GC Mail is not a replacement of the existing email systems used by staff in Local Authorities. Instead it is a security enhancement that allows them to send information via email up to RESTRICTED level, provided the recipient(s) is also connected to GCSX. GC Mail permits this by dedicated routing of information over the GCSX network. This routing is achieved by the sender using a different email address for the recipient.

So, if Alice working at MyCouncil wants to send a PROTECT or RESTRICTED email to Bob working at OtherCouncil she has to use a special email address of Bob's. Instead of the normal bob@othercouncil .gov.uk she must use bob@othercouncil.gcsx.gov.uk. By using this address the email is guaranteed to be sent via the GCSX network rather than the public Internet.

Simple representation of GCSX and GC Mail flow

 

How does janusSEAL help to achieve CoCo compliance?

A simple solution to comply the protective marking requirements of the HMG Security Policy Framework and those of CoCo is to:

  • deploy janusSEAL for Outlook software to all staff desktops in the Local Authority
  • configure janusSEAL for Outlook on all staff desktops using the pre-made configuration templates based on the UK Government Protective Marking System

In more advanced deployments the Local Authority would also use other janusSEAL products and janusNET's expert knowledge to enable protective marking capability at a wider range of email clients and devices, such as:

  • deploy janusSEAL for OWA to all Microsoft Exchange servers in the Local Authority with Outlook Web Access (OWA) enabled; this will allow senders to protectively mark emails sent from any web browser using the OWA system.
  • deploy janusSEAL for Pocket Outlook to all Windows Mobile 5 and 6 devices; this will allow senders to protectively mark emails sent from Pocket Outlook on Windows Mobile.
  • configure message classifications on BlackBerry Enterprise Server; this will allow senders to protectively mark emails sent from BlackBerry devices with no additional software required.

Deploying janusSEAL in these ways in the Local Authority makes it easy for them to comply with the protective marking requirements of HMG SPF and CoCo by:

  1. HMG SPF - ...must apply the Protective Marking system...
    janusSEAL is easily configured to use the GPMS (Government Protective Marking System) and ensures electronic information assets such as e-mail messages, meeting requests, assigned tasks and Microsoft Office files have protective markings. janusSEAL is supplied with a pre-made configuration template which complies with the Government Protective Marking System; it is also available for download from our forums area.
  2. CoCo - Employees...who handle...RESTRICTED must be made aware of the impact of loss of such material...
    janusSEAL includes tooltip and help information to assist users on which security classification to use. The help system is fully extensible so that help pages on intranet servers can be quickly accessed.
    janusSEAL for Outlook classification dialog with GPMS
    janusSEAL for Outlook's On Send Classification Dialog prompting the sender to apply a security classification to the message. janusSEAL for Outlook has been configured with the 'factory supplied' GPMS security classification schema. The sender has hovered their mouse over the RESTRICTED security classification so janusSEAL is showing the (configurable) tooltip for this classification.

  3. CoCo - Audit logs recording user activities, exceptions and information security events must be produced... 
    janusSEAL can be configured to record audit information to the local Event Log system. These logs can be collated for centralised analysis and incident management.
  4. CoCo - E-mail must not be automatically forwarded to a lower classification domain.
    Having janusSEAL apply protective markings to e-mails work in conjunction with appropriately configured e-mail gateways ensures e-mail messages cannot be sent to a lower classification domain, user generated or automatically forwarded. Further, by using janusSEAL for Outlook's SafeDomain Extension a sender is unable to send a message to a lower classification domain from their desktop:
    SafeDomain preventing sending to a lower classification domain
  5. CoCo - The mail client...should add a warning to each e-mail...   
    janusSEAL can be configured to add text to the end of an e-mail message. This text can include the security classification as well as other text such as a disclaimer. janusSEAL can be configured to use different text depending on the security classification of the sent message. For example, the disclaimer for an UNCLASSIFIED message could be different to that of a RESTRICTED message.
  6. CoCo - The mail client ... adds security labels to each email ...
    janusSEAL's core functionality is to ensure senders apply a security classification to all e-mails they send. Once the security classification has been specified by the sender janusSEAL inserts it as one or more protective markings (security labels) in the message based on its configuration:
    janusSEAL for Outlook message read view
    An example message containing a number of protective markings (security labels) as set by janusSEAL for Outlook. Some of these protective markings are visible to the recipient as seen here, and others are designed for use by other IT systems like the Internet message extension headers (metadata fields).

 

How does janusSEAL help staff to use the GC Mail system?

The janusSEAL solution achieves technical compliance with the protective marking requirements of HMG SPF and CoCo, but the solution can be further enhanced to simplify daily tasks for staff.

This enhancement comes in the form of janusSEAL for Outlook's SafeDomain Extension. This is an add-on for janusSEAL for Outlook that extends its feature set in ways which make using the GC Mail system and complying with CoCo much simpler for staff:

  • PROTECT or RESTRICTED messages are automatically routed to GCSX, even if the sender puts in the public email address of a colleague at another Local Authority on GCSX
  • PROTECT or RESTRICTED messages are prevented from being sent to recipient(s) not on the GCSX; such addresses are removed from the recipient list of the message (after informing the sender)
  • Email distribution groups are expanded and analysed to ensure PROTECT or RESTRICTED messages are not sent via the Internet

By deploying janusSEAL for Outlook SafeDomain Extension to all staff desktops, the staff are able to have a single mailbox and associated Outlook profile on a single Exchange Server that holds both their UNCLASSIFIED level emails as well as PROTECT and RESTRICTED. They do not require two mailboxes on one or more Exchange Servers as some other solutions require. The SafeDomain Extension assures that sensitive information is not accidentally leaked over the public Internet without the need for the separated mailboxes.

janusSEAL for Outlook SafeDomain Extension also provides cost savings to the Local Authority. It halves their administration costs over a dual mailbox single Exchange server approach and results in further license savings over a dual mailbox dual Exchange server approach.

Below is a screencast demonstrating some of the features of janusSEAL SafeDomain Extension and how they simplify use of the GC Mail system for senders.

 

Get the whitepaper

This page is an abbreviation of a whitepaper janusNET has written on using janusSEAL in Her Majesty's Government. If you would like a copy of the whitepaper you can request it from this page.

 

Evaluate janusSEAL

To obtain a fully working evaluation version of a janusSEAL product click here.

Contact janusSEAL's Distributors in the UK

Softek is the authorised distributor for the janusSEAL products in the United Kingdom and Ireland.

  • call: 08456 443 911
  • e-mail:
  • web: http://www.softek.co.uk/

 


Level 5, 75 Miller St
North Sydney NSW 2060 Australia
ABN: 80 112 197 690

Australia: 1300-795-078
International: +61 2 9962 8141
info@janus.net.au