BSI TR-03108 Secure Email Transport

Today, communication takes place predominantly digitally. Email is still one of the most widely used communication services. Secure Email Transport protects your emails from person-in-the-middle attacks such as eavesdropping and manipulation.

The Technical Guideline 'Secure Email Transport' (BSI TR-03108) defines verifiable requirements for an Email Service Provider. The goal of the Technical Guideline (TR) is to increase comparability and adoption of secure email communications. It allows an 'Email Service Provider' or 'Provider of an Email Service within its Organization' to provide evidence on reaching the predefined level of security.

Ideally the measures for Secure Email Transport are complemented by Email Authentication. For this purpose the Technical Guideline BSI TR-03182 Email Authentication was released.

Conceptual Overview of BSI TR-03108 and BSI TR-03182:

[Figure: graphic for BSI TR-03108 and BSI TR-03182]

Current versions

| Document | Title, Version |
|---|---|
| BSI TR-03108-1 | BSI TR-03108-1 Secure Email Transport, Version 1.0.2 |
| BSI TR-03108-2 | BSI TR-03108-2 Test Specification, Version 1.0.1 |
| Schema files | Schema files for BSI TR-03108-2, Version 1.0.1 |
| BSI TR-03108 | BSI TR-03108 Secure Email-Transport, Version 2.0 |
| BSI TR-03108-P | BSI TR-03108-P Test Specification, Version 2.0 |
| Schema files | Schema files for BSI TR-03108-P, Version 2.0 |

IT Security Label

In addition to the certification procedure described below, the Technical Guideline is also the underlying standard for the product category "email services" of the IT Security Label. Service providers can receive the BSI IT Security Label for their email services upon application after assuring their products' conformity with TR-03108.

The IT Security Label is currently based on TR-03108-1 version 1.0.2 and the associated test specification TR-03108-2 version 1.0.1. Nevertheless, we recommend that parties interested in the IT Security Label already orient themselves towards the new version. The new version is backward compatible with the current version and may be a baseline requirement in the future.

If you have any questions, please contact us by email: it-sicherheitskennzeichen@bsi.bund.de

For further information on the IT Security Label, technical requirements and the application process please check the BSI website. A list of labels which have already been issued in the product category "email services" is available online at www.bsi.bund.de/it-sik-suche.

Certification

Certification of an email service can provide independent proof of compliance with the requirements of the Technical Guideline (TR-03108, version 2.0). The TR-03108 (version 2.0) and the test specification (TR-03108-P, version 2.0 and the associated schema files) are the underlying standards for the certification procedure.

Providers who are interested in certification can contact the BSI directly. Further information and contact details are published under Product certification according to technical guidelines.

Recognition of testing laboratories

Conformity tests within the framework of certification procedures in accordance with TR-03108 are carried out by testing laboratories approved by the BSI. Information on the requirements and the procedure for recognition as a testing laboratory can be found under Application for accreditation as a testing laboratory.

Contact

For any questions concerning the Technical Guideline, or if you are interested in the subject of "Secure Email Transport", contact e-mail-trsp@bsi.bund.de. Please use one of the following public keys for encrypted contact.

S/MIME certificate
Fingerprint: 6A27 4A26 51DA 5170 D3BC C1E1 B752 D86E 822B 8746
Fingerprint of the root certificates

Public GPG key
Fingerprint: 3770 6179 16B0 A5C1 B9BA D64D 7F7A 0D98 DE86 99E4