The National Security Agency (NSA) released a guide on April 24 to help Federal agencies make decisions about which collaboration and video chat services to use during telework, as the government continues to adjust to mass telework orders.
The guidance, focused on the cybersecurity of commercially available collaboration tools, includes a “high-level security assessment” of each tool to help agencies identify both the risks and features associated with each tool.
“The intent of this document is not meant to be exhaustive or based on formal testing, but rather be responsive to a growing demand amongst the Federal government to allow its workforce to operate remotely using personal devices,” the document states.
When possible, NSA asserts, workers should be using the collaboration services unique to the Federal government offered by their agency and recommends that workers consult with agency IT support or the Office of the CIO for guidance.
The guidance ranks 13 services – including video conferencing platform Zoom that rose to prominence amid the pandemic – against nine security criteria aligned with National Institute of Standards and Technology Special Publication 800-171 revision 2.
Generally, NSA recommends knowing where a collaboration tools comes from before downloading, ensuring the encryption is enabled, using the most secure means possible for meeting invitations, verifying that only the intended invitees are present, ensuring that information shared is appropriate for all users, and ensuring that the environment does not provide unintentional access to data.