HIPAA

craigp
Level 4

Hearing from some HIPAA consultant that if audited - your organization needs to prove emails were sent encrypted (TLS or CRES).

What is everyone else doing in regards to their message tracking in the C series?

If affected by HIPAA -- are you worried about this? If so, how are you handling it?


Greetings Craig,

I have not seen any other customers report any issues with this. You should be able to confirm messages sent via TLS using message tracking or the mail logs.

Below are examples of successful and failed TLS connections:

Successful TLS connection from remote host (Receiving):
Wed  Jul 20 19:47:40 2005 Info: New smtp ICID 282204970 interface  mail.example.com (1.2.3.4) address 2.3.4.5 reverse dns host unknown  verified no
Wed Jul 20 19:47:40 2005 Info: ICID 282204970 ACCEPT SG None match   SBRS None
Wed Jul 20 19:47:40 2005 Info: ICID 282204970 TLS success
Wed Jul 20 19:47:40 2005 Info: Start MID 200257070 ICID 282204970

Failed TLS connection from remote host (Receiving):
Tue  Jun 28 19:08:49 2005 Info: New SMTP ICID 282204971 interface Management  (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 ACCEPT SG None match   SBRS None
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 TLS failed
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 lost
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 TLS was required but remote host did not initiate it
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 close

Successful TLS connection to remote host (Delivery):
Tue Jun 28 19:28:31 2005 Info: DCID 2386069 TLS success CN:
Tue Jun 28 19:28:31 2005 Info: New SMTP DCID 2386069 interface 1.2.3.4 address 2.3.4.5
Tue Jun 28 19:28:31 2005 Info: Delivery start DCID 2386069 MID 200257075 to RID [0]

Failed TLS connection to remote host (Delivery):
Fri Jul 22 22:00:05 2005 Info: DCID 2386070 IP 2.3.4.5 TLS failed: STARTTLS unexpected response

For HIPAA, this depends on what you're doing to ensure HIPAA. If you're using simple content filters then you would look to see if the messages in the mail logs that are related to HIPAA triggered the HIPAA filter. If you're using DLP you would be looking for the DLP policy being triggered by the message or messages in question.

I hope that helps

Christopher C Smith

CSE
Cisco IronPort Customer Support
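
As an added example (not part of the reply above and not Cisco code), this Python script correlates the TLS result lines with the MID lines quoted in the reply, so each message ID can be reported with the TLS status of the connection that carried it. The sample log is constructed from the line shapes above; the last two lines (a delivery with no TLS line) and the function names are assumptions.

```python
import re

# Constructed sample, reusing the line shapes quoted in the reply.
SAMPLE_LOG = """\
Wed Jul 20 19:47:40 2005 Info: New smtp ICID 282204970 interface mail.example.com (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Wed Jul 20 19:47:40 2005 Info: ICID 282204970 TLS success
Wed Jul 20 19:47:40 2005 Info: Start MID 200257070 ICID 282204970
Tue Jun 28 19:28:31 2005 Info: DCID 2386069 TLS success CN:
Tue Jun 28 19:28:31 2005 Info: New SMTP DCID 2386069 interface 1.2.3.4 address 2.3.4.5
Tue Jun 28 19:28:31 2005 Info: Delivery start DCID 2386069 MID 200257075 to RID [0]
Fri Jul 22 22:00:05 2005 Info: DCID 2386070 IP 2.3.4.5 TLS failed: STARTTLS unexpected response
Fri Jul 22 22:00:06 2005 Info: New SMTP DCID 2386071 interface 1.2.3.4 address 2.3.4.5
Fri Jul 22 22:00:06 2005 Info: Delivery start DCID 2386071 MID 200257076 to RID [0]
"""

TLS_RE = re.compile(r"Info:\s+(ICID|DCID) (\d+) (?:IP \S+ )?TLS (success|failed)")
RECV_RE = re.compile(r"Info:\s+Start MID (\d+) ICID (\d+)")
DELIV_RE = re.compile(r"Info:\s+Delivery start DCID (\d+) MID (\d+)")

def tls_report(log_text):
    """Return {MID: [(direction, connection id, TLS status), ...]}.

    Status is "success", "failed", or "none" (no TLS line for that connection).
    Assumption: ICID/DCID values are unique within the text passed in.
    """
    lines = log_text.splitlines()
    tls = {}
    for line in lines:  # pass 1: TLS outcome per connection
        m = TLS_RE.search(line)
        if m:
            tls[(m.group(1), m.group(2))] = m.group(3)
    report = {}
    for line in lines:  # pass 2: attach each MID to its connection
        recv, deliv = RECV_RE.search(line), DELIV_RE.search(line)
        if recv:
            mid, conn, direction = recv.group(1), ("ICID", recv.group(2)), "received"
        elif deliv:
            mid, conn, direction = deliv.group(2), ("DCID", deliv.group(1)), "delivered"
        else:
            continue
        report.setdefault(mid, []).append((direction, conn[1], tls.get(conn, "none")))
    return report

def unencrypted_mids(report):
    """MIDs with at least one hop that has no recorded TLS success."""
    return sorted(m for m, hops in report.items() if any(s != "success" for _, _, s in hops))

if __name__ == "__main__":
    for mid, hops in tls_report(SAMPLE_LOG).items():
        print(mid, hops)
```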

Chris -

Good information and I have used the message tracking function previously for checking the status of messages.

I am more concerned about the larger picture of the ediscovery process and how other companies impacted by HIPAA are handling this.

What happens if your company is audited for an e-mail that was sent 6 months ago? Is it your responsibility to prove it was sent via TLS or CRES? How long should the tracking logs be kept? How are people handling that?

Sort of looking for what the 'best practices' are for this.