u/Rare_Chocolate5859

How are people verifying identity on unclassified DoD calls?

Reading about the recent government Signal chat incident and it got me thinking. When you're outside a SCIF and discussing sensitive but unclassified stuff like program schedules, logistics, milestones etc. how are people actually verifying they're talking to the right person?

CACs and PKI don't really help once you're off secure systems. Is it mostly just callbacks, known numbers and recognizing someone's voice or are there better processes? I know Kibu's a thing, but I'm more interested in how people are solving the problem today.

Curious what the norm is for people working in the defense contractor world

reddit.com
u/Rare_Chocolate5859 — 2 days ago