3.10: Encrypt Sensitive Data in Transit ================================== Encrypt sensitive data in transit. Example implementations can include, Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).

Asset Type	Security Function	Implementation Groups
Data	Protect	2, 3

Dependencies

Safeguard 3.2: Establish and Maintain a Data Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process

Inputs

GV12: Sensitive data Inventory
GV5: Configuration Information

Operations

For each item in GV12, identify the means and components for encrypting data in transit.
Compare the output of Operation 1 with GV5 to check appropriate approved configurations
1. Enumerate the data items in GV12 that are properly configured (M2)
2. Enumerate the data items in GV12 that are improperly configured (M3)

Measures

M1 = Count of items in GV12
M2 = Count of data with properly configured encryption components
M3 = Count of data with improperly configured encryption components

Metrics

Coverage

Metric	The percentage of sensitive data properly configured to be encrypted in	transit.
Calculation	`M2 / M1`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

control-3.10.rst

control-3.10.rst

Dependencies

Inputs

Operations

Measures

Metrics

Coverage

Files

control-3.10.rst

Latest commit

History

control-3.10.rst

File metadata and controls

Dependencies

Inputs

Operations

Measures

Metrics

Coverage