Child pages
  • Zoom for Government (ZfG) Security Best Practices
Skip to end of metadata
Go to start of metadata

PROHIBITED: Controlled Unclassified Information (CUI) 

  • DO NOT discuss, or exchange in any form, CUI (FOUO, PII, PHI, etc) when using Zoom or Zoom for Government (ZfG).
  • Microsoft Teams is the only authorized online meeting platform when discussing or exchanging CUI.
  • Please see sidebar to right on this page for explanation of CUI -->

Security Settings:

  • Enforced globally by Admin.
  • They may not be changed by users.
  • Security settings will be reviewed and adjusted periodically as needed.

Meeting Security:

  • Meeting Passcodes
    • Complex passcodes requried for all meetings (10 characters).
    • Numerical passcodes are required for users joining by telephone.
    • Meeting passcode will not be embedded in invitation links. Attendees must manually enter the passcode to join the meeting.
  • Waiting Room: All attendees will be placed in a waiting room and must be admitted by the meeting host.

Account Security:

  • User Account Passwords:
    • Must be complex, and at least 14 characters.
    • Must be changed every 90 days.

PROHIBITED: Private Zoom Accounts (non-ZfG):

  • Using a private Zoom account to join a ZfG hosted session degrades the cyber-security benefits of operating in the ZfG environment.
  • No Zoom account of any type is necessary to participate in meetings hosted by NPS ZfG accounts.

FACULTY:

  • Faculty must use their NPS furnished ZfG account when using Zoom for DL instruction and hosting or attending meetings involving official NPS business.

STUDENTS:

  • Students should not be signed in to ANY private Zoom account when attending class or meetings hosted in ZfG.
  • It is not necessary for anyone to have a ZfG account to attend class or join NPS hosted ZfG meetings.
  • NPS students are not normally issued ZfG accounts except for special requirements.
    • Students who do have ZfG accounts issued by NPS or other DOD agency may use those accounts for participation in NPS hosted ZfG sessions.
    • Students who have privately acquired Zoom accounts must SIGN OUT of those accounts in the Zoom app and all web browsers before joining ZfG sessions.
    • Instructions here: Are You Using The Right Zoom Account? 

STAFF:

WHO GETS ZfG ACCOUNTS?

  • NPS faculty and limited staff are issued ZfG "host" accounts for academic instruction and NPS business requirements.
    • Host accounts are limited resource.
  • NPS students are not issued ZfG accounts as a rule. Special exceptions will be made on an ad-hoc basis.
    • Students must demonstrate thaT:
      • Microsoft Teams cannot meet their meeting requirements
      • Meeting requirements do not include discussion or exchange of CUI.


Keep the Zoom App Updated:

 Windows and MacOS Instructions

The latest version update information of Zoom for Windows can be found here / MacOS can be found here.

  1. Open the Zoom app

  2. Click your user icon on the top right

  3. Click Check for Updates

  4. You will be prompted to update if out of date

 IOS Instructions

This will only apply if automatic updates are not enabled. The latest version update information of Zoom for IOS can be found here

  1. Open the App Store

  2. Search for Zoom 

  3. If an update exists, Open will be replaced with Update. Click Update

 Android Instructions
  1. Open the Zoom app

  2. Click Settings

  3. Click About

  4. Click Version

  5. You will be prompted to update if out of date


Alternative: download the latest version of zoom here.


What is Controlled Unclassified Information (CUI)?

CUI is unclassified information to which access or distribution limitations have been applied in accordance with national laws, policies, and regulations of the originating country as well as some of those developed by other Executive Branch agencies.

Examples of CUI: For Official Use Only (FOUO), DoD Unclassified Controlled Nuclear Information, Distribution B-F

Public Release of CUI: In accordance with DoDD 5230.09, Deputy Secretary of Defense Memorandum, and other applicable regulations, ALL DoD unclassified information MUST BE REVIEWED AND APPROVED FOR RELEASE before it is provided to the public, including via posting to publicly accessible websites. If you are unsure contact your PAO.


More Info on Zoom:


90-Day Report, What Is Next? 1 JUL 2020 (here)

Webinar 90-Day Progress Report: 1 JUL 2020 (here)

90-Day Progress Report: 24 JUN 2020 (here)