Circulars

Implementation of TLS Certificate on E-mail Gateways

July 29, 2013
6464

The Presidents/Chief Executives,

All Banks/DFIs/Microfinance Banks,

Dear Sirs/Madam,

Implementation of TLS Certificate on E-mail Gateways

  1. State Bank of Pakistan has decided to implement Transport Layer Security (TLS) certificates on its e-mail gateways with the aim to protect confidentiality and integrity of its e-mail communication with banks and other financial institutions in Pakistan and to mitigate information security risks. TLS is a protocol that provides communication security over the internet by encrypting e-mail messages between servers at both ends of a communication channel and reduces risks like spoofing and tampering associated with e-mail communication.
  2. In order to ensure end-to-end e-mail communication security, financial institutions are advised to implement TLS certificates on their e-mail gateways so that e-mail communication between banks and with SBP is carried out in a secure environment. Financial institutions shall report compliance of the same to BP&RD as per the timelines given at Annexure A.
  3. It may be noted that TLS is a standard protocol; therefore, financial institutions can opt for any standard-compliant brand of TLS certificate available in the market depending on their feasibility and convenience.

Yours sincerely,

Shaukat Zaman
Director