small-logo
Need help now? Call 216.321.7774

The National Security Agency’s Recommendations for Selecting and Safely Using Collaboration Services for Telework

For many, the NSA stands for No Such Agency. Actually, it refers to the National Security Agency, a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.

In what may be a first (a first for us, at least), the NSA has released a paper handicapping most of the popular collaboration software products (e.g. Zoom, Skype, etc.) that many of us are using on a daily basis.

From the NSA:  This NSA paper presents an initial assessment of how available commercial collaboration services satisfy their security criteria. The selection of services for this initial assessment was driven by inquiries and usage from across NSA’s national security customer base; this is not a comprehensive list of services or possible criteria. NSA analysts gathered factual material from published company literature and product specifications, supplemented by other openly published analyses and basic hands-on technical observation. No formal testing was performed on products or services for this analysis. These assessment findings are meant to serve as an input for government employees and organizations. Users of these services must exercise judgment when choosing a service for their particular mission telework needs.

Summary
During a global pandemic or other crisis contingency scenarios, many United States Government (USG) personnel must operate from home while continuing to perform critical national functions and support continuity of government services. With limited access to government furnished equipment (GFE) such as laptops and secure smartphones, the use of (not typically approved) commercial collaboration services on personal devices for limited government official use becomes necessary and unavoidable.

We define collaboration services as those capabilities that allow the workforce to communicate via internet-enabled text, voice, and video, and can include the sharing of files and other mission content. Collaboration can occur between two people or widened to include a large group to support mission needs.

This document provides a snapshot of best practices and criteria based on capabilities available at the time of publication and was coordinated with the Department of Homeland Security (DHS), which is releasing a similar guide: “Cybersecurity Recommendations for Federal Agencies When Using Video Conferencing Solutions.” This NSA publication is designed to
provide simple, actionable, considerations for individual government users. The intent of this document is not meant to be exhaustive or based on formal testing, but rather be responsive to a growing demand amongst the federal government to allow its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation.

Recommendations in this document are likely to change as collaboration services evolve and also address known vulnerabilities and threats. Users should be aware that even the most secure collaboration service cannot defend against a compromised user device.

To read the rest, click here.


Contact Us

Your name Organization name Describe your situation Your phone number Your email address
Leave this as it is