To send or receive sensitive information within VA, you must set up encrypted email for your VA email address. The encryption is done via a key and certificate that is contained in your PIV card.

You must do this for each PIV you receive. Going through a PIV renewal means that you lose access to all of your old encrypted email.

Publish your certificate to the Global Address List (GAL)

From CAG or GFE, check to see if there’s a Publish My eMail certs script available by going to Start > Dept of Veterans Affairs > Publish My eMail Certs

If the menu option is not there, there's a knowledge base article (only works on CAG/GFE) on how to download the script and execute it.

Send encrypted email

To send an encrypted email:

  1. Open the Options tab on the new message window in Outlook and select Encrypt and Sign.

  2. Select Send.

  3. Input your PIV's PIN again. (Your PIV needs to stay inserted into the reader.)

Receive encrypted email

When receiving encrypted emails, some won't show up in the reading pane. Double-click the email to open it in a separate window and you will be prompted for your PIN to decrypt the message.