The US National Security Agency (NSA) published last week a security assessment of today’s most popular video conferencing, text chatting, and collaboration tools. From a report: The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments. The NSA document is not only meant for US government and military entities but the private sector as well. The idea behind the NSA’s initiative is to give military, public, and private organizations an overview of all of a tools’ features, so IT staff don’t make wrong decisions, expecting that a tool provides certain features that are not actually living up to the reality. Per the NSA’s document, the assessed criteria answers to basic questions like:
Does the service implement end-to-end (E2E) encryption?
Does the E2E encryption use strong, well-known, testable encryption standards?
Is multi-factor authentication (MFA) available?
Can users see and control who connects to collaboration sessions?
Does the tool’s vendor share data with third parties or affiliates?
Do users have the ability to securely delete data from the service and its repositories as needed (both on client and server-side)?
Is the tool’s source code public (e.g. open source)?
Is the service FedRAMP approved for official US government use?
of this story at Slashdot.