Updated: DND/CAF Security Guide for Teleworking

November 2, 2021 -  Defence Stories

Using alternatives to T-DVPNI to communicate will enable us to maximize our bandwidth potential and reserve Department of National Defence/Canadian Armed Forces (DND/CAF) network access. The practices below will ensure that we maintain our necessary security while working remotely.

Public collaboration platforms for sharing unclassified information

Collaboration platforms on the Internet can help you keep contact with colleagues and engage with various communities. By default, users should use Government of Canada and/or DND/CAF provided online services (See Defence 365 note below) from their government devices, whenever possible. Otherwise, it is important to diligently consider the following guidance before using free public cloud services for work related activities:

  1. Select reputable services with clear privacy and security policies.
  2. Share only unclassified* information: No sensitive information (Protected A, B, C or classified) is permitted.
  3. Respect the privacy of your teammates: Ask for their consent before creating accounts for others or inviting teammates to use a service through their personal email address.
  4. Be inclusive: Some people may not have Internet access, have accessibility challenges, or have concerns using certain public cloud services. Find ways to ensure everyone can participate.
  5. Monitor: Monitor your virtual community to ensure that no sensitive information is uploaded. Report security incidents to your local Information System Security Officers (ISSO) or Unit Security Supervisor (USS).
  6. Preserve and transfer: All information records of business value (IRBV) must be preserved and transferred to a DND/CAF information system as soon as practical, once able to do so.

Defence 365 (D365)

Defence 365 provides a Protected A platform for the Defence Team to work and collaborate using both DND/CAF managed and unmanaged (BYOD) devices. The platform includes many information capabilities, such as online document editing, email, chat, videoconferencing and other valuable tools.

Careful! Do not fall for phishing messages posing as DND/CAF or Microsoft related to accounts or asking personal information. Account management communications will come from a trusted and secure source, such as a supervisor.

Please report any security issues to your ISSO, USS, and cloudsecuritymonitoring@jdcp.forces.gc.ca.

Other ways to communicate

Call-tree: Every unit has a call-tree with personal contact information. It is the primary means of getting in touch with staff and employees. You can discuss up to Protected B on phone/cellphones systems in North America.

BBM Enterprise (BBMe): Some DND users have access to BBMe on their mobile devices. This application is approved up to Protected B when used with GC Enterprise accounts.

GCCollab: The Treasury Board Secretariat hosts GCCollab (accessible only on the National Defence network), which has a messenger application, forum and WIKI for unclassified information only.

*What is Unclassified Information?

Unclassified information is information that is not injurious to the national interest, or an individual, organization or the government.  The National Defence Security Orders Chapter 6 explains how to categorize information. The following are examples of Protected and sensitive information, which is not permitted on public cloud services:

For further details, refer to:

Remember that free services are monetized through access to user content. Information shared on these platforms is considered to be in the public domain. Reputable service providers have some level of protection when compliant with regulations such as General Data Protection Regulation (GDPR), or when hosted in Canada or the USA and governed by similar privacy laws.

Using DND equipment at home

You must be diligent in the care of your DND equipment. Laptops and mobile phones should be stored securely and out of sight, when not in use. Your Public Key Infrastructure (PKI) card should also be kept securely, as it is both a sensitive security item and essential for connecting to T-DVPNI.

Stay cyber safe

Currently, cyber criminals are leveraging pandemic themes in phishing emails and malicious sites. For example, a known scam entices users to visit a fake COVID-19 heat map, infecting vulnerable computers. Stay alert and be vigilant:

Visit the Get Cyber Safe sitefor more information and tips.

Page details

Date modified: