This time last year, the Department of Homeland Security (DHS) made a commitment to the American people: it should not be easy to impersonate the federal government through spoofing-related phishing campaigns. Today, we announced that we have reached the one-year milestone for Binding Operational Directive (BOD) 18-01: a vast majority of the federal community are meeting critical web and email security enhancements. Throughout the year, the DHS team has been accelerating progress, conducting hundreds of agency exchange meetings and establishing a collaborative, public-facing website to support this cross-government effort and further advance federal website and data integrity.
DHS saw the strongest level of email authentication enforcement through Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption increase by eight times across the federal civilian government—making the Federal government a leader across all sectors in DMARC use and email authentication. BOD 18-01 was also critical step in addressing one of the federal government’s greatest and ongoing challenges, phishing, and we are continuing to take steps to combat this pervasive threat.
While a majority of the federal government anticipates meeting all of the BOD deadlines today, DHS still has work to do to ensure a successful and enduring implementation of these critical security enhancements. Encouraged by progress but always with an eye towards an unflinching adversary, we will not relent in our mission of safeguarding information systems for the Federal IT Enterprise and, most importantly, the American people.