The Navy CIO office has warned that unsecured commercial video conferencing may pose a security risk, a consideration that now broadly applies across the government as work increasingly is being done remotely.
“Use of collaboration tools greatly enhances our warfighting and business process capabilities during the COVID-19 crisis; however, the use of unauthorized collaboration tools on DON IT could expose critical information or introduce vulnerabilities,” an internal Navy notice said.
“Commands are to remind personnel that use of unauthorized commercial collaboration tools or commercial e-mail on GFE [government-furnished equipment] is a violation of DON acceptable use policy” as well as DoD policy on handling controlled but unclassified information (CUI), it says.
“Defense Collaboration Service (DCS) is the only DoD approved collaboration tool. Additionally, Global Video Services (GVS), Secure Access File Exchange (SAFE), and Intelink are all DoD approved capabilities for use on GFE. Commands are not to establish vendor agreements or contracts for use of new collaboration tools during the COVID-19 crisis without DON CIO advance approval,” it says.
It said that in the immediate time ahead, DoD will authorize the use of the Commercial Virtual Remote Environment, “which will provide DoD teleworkers with access to a subset of Microsoft Office 365 capabilities to facilitate continuity of operations using home or personal computers,” and which will be “decommissioned after the crisis.”
“While this policy does not prohibit participating in a collaboration with an outside organization which has established a meeting with other non-DON/DoD approved collaboration tools, it remains the responsibility of the individual employee to properly protect and handle CUI at all times,” it says.