White Paper: TSG Compliance in the Age of Softphones

Securing Softphones in High-Security Government Spaces

Why the shift from TSG-compliant desk phones to PC-based collaboration tools puts “on-hook security” and peripherals back in scope

Federal agencies are rapidly shifting from legacy, hardware-based desk phones to software-defined voice and cloud collaboration platforms, a transition accelerated by the 2020 pandemic. It explains why this modernization, while improving mobility, interoperability, and operational efficiency, creates new security risks for environments governed by CNSSI 5000 and NTSWG Telephone Security Group (TSG) requirements, especially the loss of deterministic “on-hook security.”

This paper contrasts TSG-compliant phones’ hardware-enforced protections with softphone clients running on multi-purpose PCs that keep persistent connections to microphones and speakers, expanding the attack surface and driving reliance on external peripherals. It concludes by emphasizing the importance of understanding and mitigating peripheral-related risks to maintain TSG-aligned compliance in secure government spaces.