NCSC Security Principles

Please find how Cryptify Call meet NCSC’s Secure Communication Principles

1 – Protect data in transit

Data is protected using end-to-end encryption, i.e from the sender to the receiver. This applies for both key exchange and media, including multi-party conferencing.
Before the user accepts the call the other party is identifies and authenticates, including which Security Domain that attested the identity.

2 – Protect network nodes with access to sensitive data

The architecture divides the central functions in a security domain where the offline Cryptify Management System (CMS) is handling all sensitive information, and an open domain for VoIP traffic, where no sensitive information is exposed unencrypted, handled by the Cryptify Rendezvous Server (CRS).

3 – Protect user access to the service

Users must be provisioned with an enrolment code issued by the CMS in order to access the service.

4 – Ensure secure audit of communications is provided

In the offline CMS it is possible to configure the Cryptify Call system to use the MIKEY-SAKKE key exchange scheme, which enables the CMS operator to perform secure auditing.

5 – Allow administrators to securely manage users and systems

The offline CMS controls which users can access the system and with which other systems they are permitted to communicate.

6 – Use metadata only for its necessary purpose

Cryptify AB provide its customer with software and licenses in order for them to deploy their own on-premises Cryptify Call system. Hence, any metadata produced by that system is owned and controlled by the customer.
The Cryptify Call systems only collects metadata necessary to operate. Please read more in the privacy statement

7 – Assess supply chain for trust and resilience

Cryptify uses a certified development process to manages third party products as well as internal development to ensure customers can trust the products we supply.
Subject to authorization by the CMS administrator of the respective organization, users can communicate with users belonging to other organizations in an end-to-end encrypted and authenticated manner.
Cryptify Call is built on reliable, open standards and protocols enabling multi-vendor interoperability. The comprehensive security of the solution is based on government approved, well-proven standard algorithms and protocols such as Advanced Encryption Standard (AES), MIKEY-SAKKE, and Secure Real-time Transport Protocol (SRTP).