Here's The NSA's Guide For Choosing A Safe Text Chat And Video Conferencing Service

NSA logo
Image: Pankaj Patel, NSA, ZDNet

The US National Security Agency (NSA) published last week a security assessment of today's most popular video conferencing, text chatting, and collaboration tools.

The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments.

The NSA document is not only meant for US government and military entities but the private sector as well.

The idea behind the NSA's initiative is to give military, public, and private organizations an overview of all of a tools' features, so IT staff don't make wrong decisions, expecting that a tool provides certain features that are not actually living up to the reality.

Per the NSA's document, the assessed criteria answers to basic questions like:

  1. Does the service implement end-to-end (E2E) encryption?
  2. Does the E2E encryption use strong, well-known, testable encryption standards?
  3. Is multi-factor authentication (MFA) available?
  4. Can users see and control who connects to collaboration sessions?

  5. Does the tool's vendor share data with third parties or affiliates?

  6. Do users have the ability to securely delete data from the service and its repositories as needed (both on client and server side)?

  7. Is the tool's source code public (e.g. open source)?

  8. Is the service FedRAMP approved for official US government use?

A snapshot of these assessments is available in the image below. [In case any of these change and the screenshot becomes outdated through the years, please refer to the original PDF document.]

NSA teleconferencing
Image: NSA

The NSA published the above assessment due to the ongoing coronavirus (COVID-19) pandemic, which has resulted in many private-sector employees, government workers, and military members working from home and increasingly relying on teleworking tools.

Knowing which tool fits which security posture and threat matrix is the first step in preventing intrusions, the NSA said.

This assessment also marks the second cyber-security advisory that the NSA issued last week. Days before, the agency had also published guidance and a list of the most common vulnerabilities threat actors had been using to plant web shells on servers.

Yesterday, the US government has also issued another security alert, this one by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). CISA said it was concerned about hasty deployments of Office 365 and Microsoft Teams that may have exposed companies to attacks due to missing key security configurations.

RECENT NEWS

How Fintech Is Revolutionizing Traditional Banking

How fintech is revolutionizing traditional banking is a topic that is garnering positive and immense discourse within th... Read more

Blockchain And Its Impact On Fintech Industry

Blockchain and its impact on Fintech Industry has become a hot topic in the current digital era. The amalgamation of blo... Read more

The Rise Of Fintech In The Digital Era

In the heart of the digital revolution, we've observed a term termed as "fintech" creating a substantial and transformat... Read more

Role Of Fintech In Transforming Retail Banking

The role of fintech in transforming retail banking is producing significant changes in the financial services industry. ... Read more

Fintech Innovations In Asset Management

Financial technology, or FinTech, refers to the blending of financial services with technology. The importance of FinTec... Read more

Exploring The Future Of Accounting Software: Unveiling The Power Of AI

The revolutionary ignition sparked by artificial intelligence (AI) cannot be understated in contemporary business ecosys... Read more