Changes

Secure Remote Work Technical Considerations (view source)

Revision as of 12:51, 4 May 2020

131 bytes added , 12:51, 4 May 2020

→‎Criteria to consider when choosing a collaborative application

Line 79: Line 79:

==Criteria to consider when choosing a collaborative application==

−

When choosing or deciding which public applications to use for your work, consider the following excerpt from the Nation Security Agency's publication:

+

When choosing or deciding which public applications to use for your work, consider the following excerpt from the Nation Security Agency's [https://media.defense.gov/2020/Apr/24/2002288652/-1/-1/0/CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF publication]:

*Does the application the application support end-to-end (E2E) encryption?

Line 85: Line 85:

*Is multi-factor authentication (MFA) used to validate users’ identities?

*Can users see and control who connects to collaboration sessions?

−

*Does the service privacy policy allow the vendor to share data with third parties or

+

*Does the service privacy policy allow the vendor to share data with third parties or affiliates?

−

affiliates?

+

−

*Do users have the ability to securely delete data from the service and its repositories as

+

*Do users have the ability to securely delete data from the service and its repositories as needed?

−

needed?

+

*Has the collaboration service’s source code been shared publicly (e.g. open source)?

−

*Is the service developed and/or hosted under the jurisdiction of a government with laws that

+

*Is the service developed and/or hosted under the jurisdiction of a government with laws that could jeopardize government standards and policy?

−

could jeopardize government standards and policy?

−

== References ==

*[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2020-03.pdf Secure Teleworking Bulletin - NIST Publication]

Greggory.elton

802

edits