The NSA Wants You To Remove Non-secure TLS Protocol Versions

The National Security Agency published this helpful whitepaper discussing obsolete Transport Layer Security (TLS) versions, cypher suites and key exchange mechanisms. NSA also provides guidance to configure secure TLS communications, strategies to detect non-secure TLS communications, and remediation steps when outdated protocols are discovered.

Why is this information important? Organizations employing non-secure TLS or Secure Socket Layer (SSL) communications protocols may be unaware that they are exposing their information to criminals and their attacks. We realize this whitepaper is pretty far into the technical weeds, but HIPAA Security Officers should be able to verify with the information services staff whether their organization is compliant with §§164.312(e)(1) - (2).

The graphic below is linked to the whitepaper and we emphatically recommend a review.

Stay (HIPAA) safe,

Alan -