Страницы

Monday, April 27, 2020

Communication security

Zoom or Not? NSA Offers Agencies Guidance for Choosing Videoconference Tools.

Video conferencing platforms Zoom and Microsoft Teams are both FedRAMP-approved, but while Zoom offers end-to-end encryption, Microsoft Teams does not.

These are just two of nine factors the National Security Agency cites in its guide to help federal workers choose commercial telework tools for “safely using collaboration services,” as necessitated by the coronavirus pandemic.

The guide, which NSA released Friday, applies only to commercial applications, and one strong recommendation from the agency is that, when possible, workers use U.S. government services such as Defense Collaboration Services, Intelink Services and others, which were designed specifically for secure government communications. But government workers still need to interact with external entities which might be sending them invitations via commercial applications, and the NSA has detailed a number of factors for them to weigh in deciding which ones to facilitate:
Does the service implement end-to-end encryption?
  • Are strong, well-known, testable encryption standards used?
  • Is multi-factor authentication used to validate users’ identities?
  • Can users see and control who connects to collaboration sessions?

No comments:

Post a Comment