MGS
What is MGS?
The Defense Message System (DMS) has both High
Grade (HG) and Medium Grade Service (MGS). MGS provides secure individual
messaging capability for sensitive but unclassified e-mail. MGS capability
is provided with interoperable commercial off-the-shelf (COTS) e-mail
that uses Department of Defense (DoD) Public Key Infrastructure
(PKI) medium assurance certificates for signature and encryption.
As a component of the DMS, MGS defines the security settings for
administrators and end users and provides secure, interoperable
messaging in an open, multi-vendor environment. It harnesses the
enterprise-level functionality of the Global Directory Services
(GDS) Directory to facilitate secure, interoperable, and authentic
communications between any two individuals in the Department of
Defense.
MGS works in coordination with selected enterprise-level
directories using commercial Internet standards such as Lightweight
Directory Access Protocol (LDAP); Secure Multipurpose Internet Mail
Extension (S/MIME) for data encryption and digital signatures;
Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol
Secure (HTTPS) to download and retrieve PKI Class 3 certificates;
and Simple Mail Transfer Protocol (SMTP) for messaging services
to communicate between MGS clients.
MGS provides the appropriate messaging grade of
service and security level of assurance to support the messaging
needs of the DoD Community with its varying operational environments.
MGS Testing
An integral component of MGS is correctly relaying any COTS interoperability
issues when sending/receiving secure messages. Rigorous testing
of various COTS messaging packages and their respective upgrades
is executed from varying levels of hardware and software environments.
Testing is done on a case-by-case basis involving multiple client-server
configurations and using S/MIME requirements documentation as a
foundation for comparison to the actual COTS product performance,
as well as verification against the S/MIME Version 3 standard. MGS testing
verifies the correct secure messaging functionality when using
software-based X.509 signature and encryption certificates as well as certificates
on the Common Access Card (CAC). MGS also tests the functionality
and productivity of support tools that can aid in providing MGS
capability to individuals in the DoD community.
For more information about testing procedures and results, please
visit the DoD PKE website.
MGS Documents
A series of Quick Reference Guides has been developed to assist
end users with the registration, installation, and use of DoD PKI
Release 3 identity and e-mail certificates, as well as installation
and configuration of smart card readers and middleware for use with
the DoD CAC.
All of the MGS documentation can be found on the DoD
PKE website.
Note: One must have valid PKI certificates and register
with the site before attempting any downloads.
IECA
Interim External Certificate Authorities (IECAs) provide digital
certificates to the DoD's private industry partners, contractors
using their own equipment or working in non-government facilities,
allied partners, and other agencies. There are currently three IECAs,
which individually issue certificates from their own CAs. The three
separate root certificates from these IECAs are to be trusted by
DoD systems. After downloading and installing IECA certificates,
non-government entities may then transmit secure e-mail as well
as perform other online transactions with their government counterparts.
There are currently three IECA vendors that are authorized to provide
non-DoD personnel with certificate services. For more information
on the services offered by each vendor, please refer to the websites listed below.
Contractors selected to do business with the DoD must follow the
IECA registration process.
To view an illustration of the entire registration process, please
go to the DoD PKE website.