Due to COVID19, many United States Government (USG) personnel have been forced to conduct operations remotely. The National Security Agency (NSA) has taken the necessary need for commercial collaboration services on personal devices; in order to continue some government official use. To equip personnel with the safest and most secure choices of commercial collaboration they have utilized scope and audience to identify criteria that qualifies if a company or device is appropriate for use.
- Does the service implement end-to-end encryption?
- Are strong, well-known, testable encryption standards (such as NIST-approved algorithms and current IETF secure protocol standards) used?
- Is multi-factor authentication (MFA) used to validate users’ identities?
- Can users see and control who connects to collaboration sessions?
- Do users have the ability to securely delete data from the service and its repositories as needed?
- Has the collaboration service’s source code been shared publicly?
- Has the service been reviewed or certified by a security-focused, nationally recognized government body?
- Is the service developed and/or hosted under the jurisdiction of a government with laws that could jeopardize USG official use?
Read more about these criteria in depth by visiting the department of defense’s website.