Organizations may already have these best practices in place, such as secure communication platforms1 and multifactor authentication (MFA) policies. In cases where organizations do not, apply the following best practices to your mobile devices.
And goes on to say:
Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps.
But concludes:
Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
So they mention signal as an example of an app that they are talking about, but they explicitly state that by mentioning it they are not implying to endorse or recommend or even favor it.
Moreover, the advice doesn't apply to organizations that have their own best practices in place, which the organizations in question certainly do. So the question isn't what CISA recommends it's what the CIA, DoD, Department of State, etc. recommend.
https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...
Which says:
And goes on to say: But concludes: So they mention signal as an example of an app that they are talking about, but they explicitly state that by mentioning it they are not implying to endorse or recommend or even favor it.Moreover, the advice doesn't apply to organizations that have their own best practices in place, which the organizations in question certainly do. So the question isn't what CISA recommends it's what the CIA, DoD, Department of State, etc. recommend.