Updated: DND/CAF Security Guide for Teleworking
November 2, 2021 - Defence Stories
Using alternatives to T-DVPNI to communicate will enable us to maximize our bandwidth potential and reserve Department of National Defence/Canadian Armed Forces (DND/CAF) network access. The practices below will ensure that we maintain our necessary security while working remotely.
Public collaboration platforms for sharing unclassified information
Collaboration platforms on the Internet can help you keep contact with colleagues and engage with various communities. By default, users should use Government of Canada and/or DND/CAF provided online services (See Defence 365 note below) from their government devices, whenever possible. Otherwise, it is important to diligently consider the following guidance before using free public cloud services for work related activities:
- Select reputable services with clear privacy and security policies.
- Share only unclassified* information: No sensitive information (Protected A, B, C or classified) is permitted.
- Respect the privacy of your teammates: Ask for their consent before creating accounts for others or inviting teammates to use a service through their personal email address.
- Be inclusive: Some people may not have Internet access, have accessibility challenges, or have concerns using certain public cloud services. Find ways to ensure everyone can participate.
- Monitor: Monitor your virtual community to ensure that no sensitive information is uploaded. Report security incidents to your local Information System Security Officers (ISSO) or Unit Security Supervisor (USS).
- Preserve and transfer: All information records of business value (IRBV) must be preserved and transferred to a DND/CAF information system as soon as practical, once able to do so.
Defence 365 (D365)
Defence 365 provides a Protected A platform for the Defence Team to work and collaborate using both DND/CAF managed and unmanaged (BYOD) devices. The platform includes many information capabilities, such as online document editing, email, chat, videoconferencing and other valuable tools.
Careful! Do not fall for phishing messages posing as DND/CAF or Microsoft related to accounts or asking personal information. Account management communications will come from a trusted and secure source, such as a supervisor.
Please report any security issues to your ISSO, USS, and cloudsecuritymonitoring@jdcp.forces.gc.ca.
Other ways to communicate
Call-tree: Every unit has a call-tree with personal contact information. It is the primary means of getting in touch with staff and employees. You can discuss up to Protected B on phone/cellphones systems in North America.
BBM Enterprise (BBMe): Some DND users have access to BBMe on their mobile devices. This application is approved up to Protected B when used with GC Enterprise accounts.
GCCollab: The Treasury Board Secretariat hosts GCCollab (accessible only on the National Defence network), which has a messenger application, forum and WIKI for unclassified information only.
*What is Unclassified Information?
Unclassified information is information that is not injurious to the national interest, or an individual, organization or the government. The National Defence Security Orders Chapter 6 explains how to categorize information. The following are examples of Protected and sensitive information, which is not permitted on public cloud services:
- Third-party business information provided in confidence (Access to Information Act – s.20);
- Unclassified information provided in confidence from another government or international organization (Access to Information Act – s.13 and s.15);
- Defence and Security Information, such as operating instructions for Controlled Goods (Defence Production Act), Unpublished Defence Research Intellectual Property (Access to Information Act – s.18), or Defence Systems vulnerabilities (Access to Information Act – s.16) (see Defence Production Act and Access to Information Act exemptions);
- An individual’s private information without their consent: date of birth, race, national or ethnic origin, colour, religion, age, marital status, academics/test scores, medical or financial information, as examples;
- Any identifying number (including Personal Record Identifier [PRI] or Service Number [SN]), symbol, or other assigned particular, address, fingerprints, or blood type.
For further details, refer to:
- Access to Information Act (PDF, 764 KB)
- Archived - Access to Information Guidelines - Specific Exemptions
Remember that free services are monetized through access to user content. Information shared on these platforms is considered to be in the public domain. Reputable service providers have some level of protection when compliant with regulations such as General Data Protection Regulation (GDPR), or when hosted in Canada or the USA and governed by similar privacy laws.
Using DND equipment at home
You must be diligent in the care of your DND equipment. Laptops and mobile phones should be stored securely and out of sight, when not in use. Your Public Key Infrastructure (PKI) card should also be kept securely, as it is both a sensitive security item and essential for connecting to T-DVPNI.
Stay cyber safe
Currently, cyber criminals are leveraging pandemic themes in phishing emails and malicious sites. For example, a known scam entices users to visit a fake COVID-19 heat map, infecting vulnerable computers. Stay alert and be vigilant:
- Avoid clicking on links in unsolicited emails or text messages and be wary of attachments
- Use trusted sources, such as legitimate government websites, for up-to-date, fact-based information
- Do not reveal personal or financial information in email and do not respond to email solicitations for this information
Visit the Get Cyber Safe sitefor more information and tips.
Page details
- Date modified: