DND/CAF Security Guide for Teleworking during the COVID-19 Response

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

March 20, 2020 - Defence Stories

Using alternatives to T-DVPNI to communicate during our COVID-19 response will enable us to maximize our bandwidth potential and reserve Department of National Defence/Canadian Armed Forces (DND/CAF) network access for critical activities only. The practices below will ensure that we maintain our necessary security while working remotely.

Public collaboration platforms for sharing unclassified information

Collaboration platforms on the Internet can help you share information and keep in contact with colleagues and clients. Before using public cloud services to communicate from your personal devices, here are some important security considerations:

  1. Select a reputable service, such as:
  2. Share only unclassified* information: No sensitive information (Protected A, B, C or classified) is permitted.
  3. Respect the privacy of your teammates: Ask for their consent before creating accounts for others or inviting teammates to use a service through their personal email address.
  4. Be inclusive: Some people may not have Internet access, have accessibility challenges, or have concerns using certain public cloud services. Find ways to ensure everyone can participate.
  5. Monitor: Monitor your virtual community to ensure that no sensitive information is uploaded. Report security incidents to your local Information System Security Officers (ISSO) or Unit Security Supervisor (USS).
  6. Preserve and transfer: All information records of business value (IRBV) must be preserved and transferred to a DND/CAF information system as soon as practical, once able to do so.

Defence O365

ADM(IM) is rolling out Defence O365, a Microsoft Office 365 platform including the MS Teams collaboration tool, to the Defence Team. This platform complements the existing T-DVPNI system to work with up to Protected A information and improves the remote work experience for the Defence Team. Defence O365 is the recommended platform for Defence team collaboration.

Personnel who have not been onboarded will be contacted by their L1 representative with instructions on how to create an account, along with contact information to reach support from for your organization’s Power Users. 

Careful! Do not fall for phishing emails posing as DND/CAF messages on this onboarding subject and other subjects; your onboarding communications will come from a trusted and secure source, such as a supervisor.

Please report any security issues to your ISSO, USS, or cloudsecuritymonitoring@jdcp.forces.gc.ca.

Other ways to communicate

Call-tree: Every unit has a call-tree with personal contact information. It is the primary means of getting in touch with staff and employees. You can discuss up to Protected B on phone/cellphones systems in North America.

BBM Enterprise (BBMe): Some DND users have access to BBMe on their mobile devices. This application is approved up to Protected B when used with GC Enterprise accounts.

GCCollab: The Treasury Board Secretariat hosts GCCollab, which has a messenger application, forum and WIKI for unclassified information only.

Other: Other options are being developed with improved security and should be communicated soon.

*What is Unclassified Information?

Unclassified information is information that is not injurious to the national interest, or an individual, organization or the  government.  The National Defence Security Orders Chapter 6 explains how to categorize information. The following are examples of Protected and sensitive information, which is not permitted on public cloud services:

For further details, refer to:

Remember that free services are monetized through access to user content. Information shared on these platforms is considered to be in the public domain. Reputable service providers have some level of protection when compliant with regulations such as General Data Protection Regulation (GDPR), or when hosted in Canada or the USA and governed by similar privacy laws.

Using DND equipment at home

You must be diligent in the care of your DND equipment. Laptops and mobile phones should be stored securely and out of sight, when not in use. Your Public Key Infrastructure (PKI) card should also be kept securely, as it is both a sensitive security item and essential for connecting to T-DVPNI.

Stay cyber safe

Currently, cyber criminals are leveraging pandemic themes in phishing emails and malicious sites. For example, a known scam entices users to visit a fake COVID-19 heat map, infecting vulnerable computers. Stay alert and be vigilant:

Visit the Get Cyber Safe site for more information and tips.

Page details

Date modified: