Information may be electronically communicated from a sender to a recipient via electronic mail (“email”). Certain emails may be designated classified, private, or otherwise confidential. For example, classified emails may communicate sensitive information that, by law, only particular classes of persons may access, such as information pertaining to national security. Private email may communicate information that an individual or entity considers sensitive, such as medical records or financial records.
Email designated as classified, private, and/or confidential may be subject to various policies designed to protect and defend information and information systems. For example, information assurance policies may ensure the availability, integrity, authentication, confidentiality, and non-repudiation of the information and information systems. Certain information assurance policies may be implemented using commercial-off-the-shelf (COTS) components. COTS components, however, may fail to provide a full complement of information protection methods and, thus, may fail to enforce the information assurance policies sufficiently to satisfy auditors. Additionally, installing, integrating, and configuring COTS components may be time consuming and/or costly. Furthermore, the performance of email systems assembled from COTS components may vary from system to system. Accordingly, email systems assembled from COTS components require individual accreditation.