About the Cisco Registered Envelope Service (CRES)

Indiana University uses the Cisco Registered Envelope Service (CRES) to provide protection of certain sensitive information when it leaves the IU network. IU (including the IU Health Sciences community) uses the Cisco Data Loss Prevention appliance (IronPort) to encrypt email containing certain sensitive data, including identifiable medical, personal, and financial information; see About sensitive data at IU and About protected health information (PHI).

All outbound messages from IU mail servers to external recipients are scanned for certain potentially sensitive information; if the scan determines that the message is likely to contain sensitive data, it is encrypted, and the recipient is sent email with instructions for accessing and reading the message (see Read a CRES-encrypted message or Read a CRES-encrypted message received at your Gmail at IU account).

  • Only outbound mail is affected. This includes mail that originates on Exchange (including OWA); it does not include mail from Gmail at IU. Mail that stays within the IU network (for example, from one Exchange user to another) is not affected, while mail from IU systems to Gmail at IU may be encrypted.
  • Mail scanning is automatic. All relevant messages are scanned, and will be encrypted if they are found to contain protected types of information. However, you may ensure that your message will be encrypted by including [Secure Message] (case insensitive, with square brackets) in your subject line; see Ensure that mail sent from your Exchange account to an outside address is encrypted by CRES.
  • Attachments are encrypted. If an email message or any of its attachments are found to contain sensitive data, the message and all attachments are encrypted. However, not all file types can be scanned and therefore trigger automatic encryption; if you send any type of message or attachment containing sensitive data, you should force encryption by including [Secure Message] (case insensitive, with square brackets) in your subject line as above. Note that attachments over 10 MB cannot be encrypted and sent by CRES; see Email message size limits.
  • Each recipient address only needs to register once. This means that mailing lists that receive an encrypted message can only be registered by the first person to do so. See View a CRES-encrypted message sent to a mailing list.
  • You can manage secure messages after they have been sent. By registering your IU email address with CRES, you can lock and unlock sent messages, or add or remove expiration dates. See Prevent a recipient from reading a secure, CRES-encrypted message you have sent.
  • You can forward and reply to messages securely. By forwarding or replying from within CRES, you can ensure that the sensitive content remains secure; see Replies and forwarding for CRES-encrypted messages.

For more about CRES, see Cisco's About Registered Envelopes and Registered Envelope Help pages. You can also click Help when on the Cisco site to read context-sensitive help.

If you have problems reading an encrypted message, see If you can't read a CRES-encrypted message or contact your campus Support Center.

If your outbound email message was encrypted and you don't think it should have been, see If IronPort encrypts your outbound email.

This is document bbtq in the Knowledge Base.
Last modified on 2019-11-19 10:07:30.

Contact us

For help or to comment, email the UITS Support Center.