Regulatory Open Forum

 View Only

  • 1.  Setting up S/MIME encryption with the FDA

    Posted 24-Nov-2018 05:52

    Dear RAPS members,

     

    I would like to open a discussion with setting up S/MIME encryption with the FDA.

    The CBER requires setting up S/MIME encryption with the FDA.

    I would like to share such experience with other members.

     

    Thank you,

     

    Yoram

    Qsite Logo

    Qsite

    Tel (972)4 638 8837 Fax (972)4 638-0510

    Cell (972)52 279 2871

    Qsite US (512)535-4930, (561)277-8257

     



  • 2.  RE: Setting up S/MIME encryption with the FDA

    Posted 25-Nov-2018 07:26
    The Agency has a second way to encrypt. " Secure SMTP over TLS encryption
    a. Secure SMTP over TLS encryption (RFC3207) is far simpler to setup from the
    user perspective.
    • The configuration is done at the email server level and only involves your
    email administrator.
    • It will be your email administrator's responsibility to ensure all the
    intermediate links between your infrastructure and the FDA (and vice-
    versa) are TLS encrypted.
    • Everyone at your organization will be able to send email securely to the
    FDA.
    • A one year DigiCert SSL certificate is $175. A three year certificate is
    $420.

    • If your organization's email system is all internal, then total setup time is:
    - Certificate purchase and receipt is typically one to two days as the provider
    may need to perform verification.
    - Certificate installation and TLS setup with a knowledgeable email
    administrator is a couple of hours and a few emails.
    If parts of your organization's email system are outsourced, then setup time may be considerably longer as coordination with a third party and multiple links are involved.




    ------------------------------
    Timothy Kline, Ph.D., RAC

    ------------------------------

    Original Message


  • 3.  RE: Setting up S/MIME encryption with the FDA

    Posted 26-Nov-2018 01:50
    Thank you Timothy for your fast response,
    I read this second option in the FDA guidance.
    This option is good for a bigger organization.
    We are a small organization with outsourced email administration so we will better use the single user option.
    I will wait for a comment about setting up S/MIME encryption with the FDA for single user.

    Yoram

    ------------------------------
    [Yoram] [Levy]
    [General Manager]
    [Qsite]
    [Binyamina]
    [Israel]
    ------------------------------

    Original Message


  • 4.  RE: Setting up S/MIME encryption with the FDA

    Posted 26-Nov-2018 08:19
    I am at a small organization (20 employees) and we are encrypted at the Exchange server level. I had past experience with certificate-based encryption and it was a difficult process at best. Maybe it was due to the IT team competence, but I was so happy when I learned that it was an easy process for our outsourced IT group to set up server level process. One absolute benefit is that because the communication encryption is at the server level I can read FDA emails on my phone!! Certificate-based encryption was not secure on smart phones, based on my previous experience.

    ------------------------------
    Glen Park
    Jersey City NJ
    United States
    ------------------------------

    Original Message


Related Content