Video conferencing platforms Zoom and Microsoft Teams are both FedRAMP-approved, but while Zoom offers end-to-end encryption, Microsoft Teams does not.
These are just two of nine factors the National Security Agency cites in its guide to help federal workers choose commercial telework tools for “safely using collaboration services,” as necessitated by the coronavirus pandemic.
The guide, which NSA released Friday, applies only to commercial applications, and one strong recommendation from the agency is that, when possible, workers use U.S. government services such as Defense Collaboration Services, Intelink Services and others, which were designed specifically for secure government communications. But government workers still need to interact with external entities which might be sending them invitations via commercial applications, and the NSA has detailed a number of factors for them to weigh in deciding which ones to facilitate:
Does the service implement end-to-end encryption?
Are strong, well-known, testable encryption standards used?
Is multi-factor authentication used to validate users’ identities?
Can users see and control who connects to collaboration sessions?
Does the service privacy policy allow the vendor to share data with third parties or affiliates?
Do users have the ability to securely delete data from the service and its repositories as needed?
Has the collaboration service’s source code been shared publicly (e.g. open source)?
Has the service and/or app been reviewed or certified for use by a security-focused nationally recognized or government body?
Is the service developed and/or hosted under the jurisdiction of a government with laws that could jeopardize U.S. government official use?
The NSA guidance includes a disclaimer noting it is not in ..
Support the originator by clicking the read the rest link below.
