The National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions.
The NSA recommends that system administrators at the Pentagon, at other U.S. government agencies that oversee national security issues, and at the private firms and third parties that supply agencies with technology replace the obsolete Transport Layer Security and Secure Sockets Layer protocols used to encrypt network traffic traveling between servers. The NSA advises other organizations to follow the guidelines as well.
The agency notes that all federal agencies should prioritize replacing outdated TLS protocols because they can give nation-state actors and other adversaries unauthorized network access, which they can then use to modify the traffic in man-in-the-middle attacks.
NSA Recommendations
The NSA has released a free detection tool on GitHub that organizations can use to identify obsolete TLS versions in their systems.
Federal agencies should update old protocols to the latest versions and ensure that they are configured to meet the encryption standards stipulated by the intergovernmental Committee on National Security Systems as well as the National Institute of Standards and Technology, the NSA says.