Implementation of TLS Certificate on E-mail Gateways
July 29, 2013
6464
The Presidents/Chief Executives,
All Banks/DFIs/Microfinance Banks,
Dear Sirs/Madam,
Implementation of TLS Certificate on E-mail Gateways
State Bank of Pakistan has decided to implement Transport Layer Security (TLS) certificates on its e-mail gateways with the aim to protect confidentiality and integrity of its e-mail communication with banks and other financial institutions in Pakistan and to mitigate information security risks. TLS is a protocol that provides communication security over the internet by encrypting e-mail messages between servers at both ends of a communication channel and reduces risks like spoofing and tampering associated with e-mail communication.
In order to ensure end-to-end e-mail communication security, financial institutions are advised to implement TLS certificates on their e-mail gateways so that e-mail communication between banks and with SBP is carried out in a secure environment. Financial institutions shall report compliance of the same to BP&RD as per the timelines given at Annexure A.
It may be noted that TLS is a standard protocol; therefore, financial institutions can opt for any standard-compliant brand of TLS certificate available in the market depending on their feasibility and convenience.
Yours sincerely,
Shaukat Zaman
Director
Circulars
Home — Circulars — BPRD Circular No. 05
Implementation of TLS Certificate on E-mail Gateways