Using Secure/Multipurpose Internet Mail Extension
S/MIME 2.0 required the use of weaker cryptography (40-bit keys) than is approved for use in these guidelines. Version 3.0 was the first version to become an IETF standard.
Organisations choosing to implement S/MIME should be aware of the inability of many content filters to inspect encrypted messages and attachments for inappropriate content, and for server-based antivirus software to scan for viruses and other malicious code.
When using ICT equipment or software that implements S/MIME, security controls for using AACPs also need to be consulted in the ASD Approved Cryptographic Protocols section of these guidelines.
Security Control: 0490; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
Versions of S/MIME earlier than 3.0 are not used.
Further information on S/MIME can be found in IETF RFC 8551, Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification, at https://tools.ietf.org/html/rfc8551.