3.10: Encrypt Sensitive Data in Transit
=======================================

Encrypt sensitive data in transit. Example implementations can include Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).

Asset Type | Security Function | Implementation Groups |
---|---|---|
Data | Protect | 2, 3 |
- Safeguard 3.2: Establish and Maintain a Data Inventory
- Safeguard 4.1: Establish and Maintain a Secure Configuration Process

- GV12: Sensitive data Inventory
- GV5: Configuration Information

- For each item in GV12, identify the means and components for encrypting data in transit.
- Compare the output of Operation 1 with GV5 to check appropriate approved configurations
  - Enumerate the data items in GV12 that are properly configured (M2)
  - Enumerate the data items in GV12 that are improperly configured (M3)

- M1 = Count of items in GV12
- M2 = Count of data with properly configured encryption components
- M3 = Count of data with improperly configured encryption components

Metric | The percentage of sensitive data properly configured to be encrypted in transit. |
---|---|
Calculation | M2 / M1 |
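
The operations and measures above, scripted as an added example (not part of the CIS specification). The inventory entries, the `Channel` structure, and the approved baseline values are constructed assumptions standing in for GV12 and GV5; treating an item with no identified transit component as improperly configured is also an assumption of this example.

```python
"""Added example: score Safeguard 3.10 from a constructed inventory."""
from dataclasses import dataclass

# GV5 (constructed): approved in-transit encryption settings per protocol.
# These baseline values are assumptions for the example, not CIS requirements.
APPROVED = {
    "tls": {"min_version": (1, 2)},
    "ssh": {"min_version": (2, 0)},
}

@dataclass
class Channel:
    protocol: str   # e.g. "tls", "ssh", "ftp"
    version: tuple  # lowest protocol version the component accepts

# GV12 (constructed): sensitive data items and the transit channels found
# for each one in Operation 1.
INVENTORY = {
    "hr-payroll-db": [Channel("tls", (1, 3))],
    "customer-exports": [Channel("ssh", (2, 0)), Channel("ftp", (0, 0))],
    "legacy-billing-api": [Channel("tls", (1, 0))],
    "audit-archive": [],  # no transit component identified
}

def channel_ok(ch, approved=APPROVED):
    """Operation 2: a channel passes only if its protocol is in the approved
    configuration and its version meets the approved minimum."""
    rule = approved.get(ch.protocol.lower())
    return rule is not None and ch.version >= rule["min_version"]

def assess(inventory, approved=APPROVED):
    """Return M1, M2, M3, the metric, and the improperly configured items."""
    proper, improper = [], []
    for item, channels in inventory.items():
        # Every channel must pass; an item with no identified channel
        # is counted as improperly configured (assumption of this example).
        if channels and all(channel_ok(c, approved) for c in channels):
            proper.append(item)
        else:
            improper.append(item)
    m1, m2, m3 = len(inventory), len(proper), len(improper)
    metric = m2 / m1 if m1 else None  # empty inventory: metric undefined
    return {"M1": m1, "M2": m2, "M3": m3, "metric": metric, "improper": improper}

if __name__ == "__main__":
    print(assess(INVENTORY))
```

Requiring every channel of an item to pass keeps a single cleartext path, such as the FTP export here, from being masked by an encrypted one on the same data.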