3.10: Encrypt Sensitive Data in Transit
Encrypt sensitive data in transit. Example implementations can include Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).
Asset Type | Security Function | Implementation Groups |
---|---|---|
Data | Protect | 2, 3 |
Dependencies
Safeguard 3.2: Establish and Maintain a Data Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process
Inputs
- GV12: Sensitive data inventory
- GV5: Configuration information
Operations
1. For each item in GV12, identify the means and components for encrypting data in transit.
2. Compare the output of Operation 1 with GV5 to check appropriate approved configurations.
   - Enumerate the data items in GV12 that are properly configured (M2)
   - Enumerate the data items in GV12 that are improperly configured (M3)
Measures
M1 = Count of items in GV12
M2 = Count of data with properly configured encryption components
M3 = Count of data with improperly configured encryption components
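
The operations and measures above, carried through on a small inventory as an added example (not part of the specification). The field names, the sample items, and the minimum versions used as the GV5 baseline are all constructed assumptions.

```python
# Constructed sample inputs; field names and baseline values are assumptions.
GV5 = {  # approved configuration: minimum protocol version per mechanism
    "tls": (1, 2),
    "ssh": (2, 0),
}
GV12 = [  # sensitive data inventory with the transit components found in Operation 1
    {"item": "customer-db-replication", "transit": [("tls", "1.3")]},
    {"item": "payroll-sftp-export", "transit": [("ssh", "2.0")]},
    {"item": "legacy-hr-api", "transit": [("tls", "1.0")]},
    {"item": "crm-sync", "transit": [("tls", "1.2"), ("tls", "1.1")]},
    {"item": "badge-log-forwarding", "transit": []},  # nothing encrypts this flow
]


def component_approved(mechanism, version, approved):
    """True if the mechanism is in GV5 and meets its minimum version."""
    minimum = approved.get(mechanism)
    if minimum is None:
        return False  # mechanism absent from the approved configuration
    return tuple(int(p) for p in version.split(".")) >= minimum


def assess(inventory, approved):
    """Operation 2: split GV12 into properly and improperly configured items."""
    proper, improper = [], []
    for entry in inventory:
        components = entry["transit"]
        # Assumption: an item with no encryption component counts as improper,
        # and every component on the path must match the approved configuration.
        ok = bool(components) and all(
            component_approved(m, v, approved) for m, v in components
        )
        (proper if ok else improper).append(entry["item"])
    return {
        "M1": len(inventory),
        "M2": len(proper),
        "M3": len(improper),
        "proper": proper,
        "improper": improper,
    }


if __name__ == "__main__":
    result = assess(GV12, GV5)
    print({k: result[k] for k in ("M1", "M2", "M3")})
    for name in result["improper"]:
        print("improperly configured:", name)
```

Treating an item with mixed components as improper keeps M2 + M3 equal to M1, so every inventory entry lands in exactly one measure.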