HomeInsightsNational Cyber Security Centre publishes draft guidance on secure communication principles

Article by

The new draft guidance aims to assess the security of voice, video and messaging services. The principles are designed to help organisations make sound security decisions when selecting the products and services that provide secure communications in the workplace. The principles are aimed at risk owners and security professionals who wish to assess communication technologies for their organisations, to help them achieve the right balance of functionality, security and privacy.

Ultimately, the guidance should help organisations choose the voice, video, email and messaging services that are right for them.

The guidance sets out seven secure communication principles:

  1. protect data in transit;
  2. protect network nodes with access to sensitive data;
  • protect user access to the service;
  1. ensure secure audit of communications is provided;
  2. allow administrators to securely manage users and systems;
  3. use metadata only for its necessary purpose; and
  • assess supply chain for trust and resilience.

The guidance is in draft form and the NCSC welcomes any feedback, especially from vendors of communication services (or organisations that would use them), which could help it improve and finalise the principles.

The deadline for responses is 30 April 2020. To access the guidance and for details on how to provide feedback, click here.