Telephone systems are prevented from communicating unauthorised classified information.

]]> This section covers information relating to the secure use of fixed, including cordless, telephones, as well as the systems they use to communicate information.

]]> Information regarding Voice over Internet Protocol (VoIP) and encryption of data in transit is covered in Section 18.3 – Video & Telephony Conferencing and Internet Protocol Telephony and Section 17.1 - Cryptographic Fundamentals.

]]> It MUST be noted that VOIP and cellular phones have some of the same vulnerabilities as wired and cordless phones.

]]> All unsecure telephone networks are subject to interception. The level of expertise needed to do this varies greatly. Accidentally or maliciously revealing classified information over a public telephone networks can lead to interception.

]]> Agencies MUST develop a policy governing the use of telephones and telephone systems.

]]> There is a high risk of unintended disclosure of classified information when using telephones. It is important that personnel are made aware of what levels of classified information they discuss on particular telephone systems as well as the audio security risk associated with the use of telephones.

]]> Agencies MUST advise personnel of the maximum permitted classification for conversations using both internal and external telephone connections.

]]> Agencies SHOULD advise personnel of the audio security risk posed by using telephones in areas where classified conversations can occur.

]]> When single telephone systems are approved to hold conversations at different classifications, alerting the user to the classification level they can speak at when using their phone will assist in the reducing the risk of unintended disclosure of classified information.

]]> Agencies permitting different levels of conversation for different types of connections MUST use telephones that give a visual indication of the classification of the connection made.

]]> When classified conversations are to be held using telephone systems, the conversation needs to be appropriately protected through the use of encryption measures.

]]> Agencies intending to use telephone systems for the transmission of classified information MUST ensure that:

  • the system has been accredited for the purpose; and
  • all classified traffic that passes over external systems is appropriately encrypted.
]]> Cordless telephones have little or no effective transmission security, therefore should not be used for classified or sensitive communications. They also operate in an unlicensed part of the radio spectrum used for a wide range of other devices.

]]> Agencies MUST NOT use cordless telephones for classified conversations.

]]> Agencies SHOULD NOT use cordless telephones for classified or sensitive conversations.

]]> As the data between cordless handsets and base stations is not secure, cordless telephones MUST NOT be used for classified communications even if the device is connected to a secure telephony device.

]]> Agencies MUST NOT use cordless telephones in conjunction with secure telephony devices.

]]> Speakerphones are designed to pick up and transmit conversations in the vicinity of the device they should not be used in secure areas as the audio security risk is extremely high.

]]> If the agency is able to reduce the audio security risk through the use of appropriate countermeasures then an exception may be approved by the Accreditation Authority.

]]> If a speakerphone is to be used on a secure telephone system within a secure area, agencies MUST apply the following controls:

  • it is located in a room rated as audio secure;
  • the room is audio secure during any conversations; 
  • only cleared personnel involved in discussions are present in the room; and
  • ensure approval for this exception is granted by the Accreditation Authority.
]]> Providing off-hook security minimises the chance of accidental classified conversation being coupled into handsets and speakerphones. Limiting the time an active microphone is open limits this threat. This is normally achieved with push-to-talk (PTT) mechanisms.

]]> Simply providing an off-hook audio protection feature is not, in itself, sufficient. To ensure that the protection feature is used appropriately personnel will need to be made aware of the protection feature and trained in its proper use. Where PTT or some other similar functionality is installed, the activation mechanism (such as a button or switch) must be clearly labelled.

]]> Many new digital desk phones control these functions through software, rather than a mechanical switch.

]]> Agencies MUST ensure that off-hook audio protection features are used on all telephones that are not accredited for the transmission of classified information in areas where such information could be discussed.

]]> Agencies MUST use push-to-talk mechanisms to meet the requirement for off-hook audio protection. PTT activation MUST be clearly labelled.

]]> Agencies SHOULD ensure that off-hook audio protection features are used on all telephones that are not accredited for the transmission of classified information in areas where such information could be discussed.

]]> Voicemail and other messages and communications may fall within the legal definition of electronic records. If so retention and archive requirements are prescribed.

]]> Agencies MUST remove unused voice mailboxes.

]]> Agencies MUST expire and archive or delete voicemail messages after the retention period determined by the agency’s electronic records retention policy.

]]> Agencies SHOULD develop and implement a policy to manage the retention and disposal of such electronic records, including voicemail, email and other electronic records.

]]>