CAF Outcome B3.b: Data in Transit

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

B3.b: Data in Transit to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
PR.DS-2	Data-in-transit is protected
DE.AE-1	A baseline of network operations and expected data flows for users and systems is established and managed
PR.DS-5	Protections against data leaks are implemented
PR.IP-5	Policy and regulations regarding the physical operating environment for organizational assets are met
PR.DS-4	Adequate capacity to ensure availability is maintained
PR.DS-6	Integrity checking mechanisms are used to verify software, firmware, and information integrity
PR.AC-5	Network integrity is protected (e.g., network segregation, network segmentation)
PR.PT-5	Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
ID.BE-4	Dependencies and critical functions for delivery of critical services are established
PR.PT-4	Communications and control networks are protected
ID.AM-3	Organizational communication and data flows are mapped

Showing 1 to 11 of 11 entries

ATT&CK Mitigations

MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.

Encrypt Sensitive Information

Protect sensitive information with strong encryption.

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

Information confidentiality (SR 4.1)
ISA/IEC 62443-3-3:2013
Strength of public key authentication (SR 1.9)
ISA/IEC 62443-3-3:2013
Communication integrity (SR 3.1)
ISA/IEC 62443-3-3:2013
Use of cryptography (SR 4.3)
ISA/IEC 62443-3-3:2013
Authenticator management (SR 1.5)
ISA/IEC 62443-3-3:2013
Protect connections (4.3.3.3.6)
ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

Protecting application services transactions (14.1.3)
ISO 27001:2013
Securing application services on public networks (14.1.2)
ISO 27001:2013
Electronic messaging (13.2.3)
ISO 27001:2013
Cabling security (11.2.3)
ISO 27001:2013
Physical security perimeter (11.1.1)
ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
SC-11: Trusted Path
SC-8: Transmission Confidentiality and Integrity
SC-12: Cryptographic Key Establishment and Management
SI-4: System Monitoring
CA-3: Information Exchange
CM-2: Baseline Configuration
AC-4: Information Flow Enforcement
PE-19: Information Leakage
SC-31: Covert Channel Analysis
AC-5: Separation of Duties
AC-6: Least Privilege
SC-7: Boundary Protection
PS-6: Access Agreements
SC-13: Cryptographic Protection
PS-3: Personnel Screening
PE-13: Fire Protection
PE-14: Environmental Controls
PE-15: Water Damage Protection
PE-10: Emergency Shutoff
PE-18: Location of System Components
PE-12: Emergency Lighting
SC-5: Denial-of-service Protection
CP-2: Contingency Plan
AU-4: Audit Log Storage Capacity
SC-16: Transmission of Security and Privacy Attributes
SI-7: Software, Firmware, and Information Integrity
AC-10: Concurrent Session Control
SC-6: Resource Availability
CP-8: Telecommunications Services
CP-11: Alternate Communications Protocols
CP-13: Alternative Security Mechanisms
PL-8: Security and Privacy Architectures
SA-14: Criticality Analysis
CP-7: Alternate Processing Site
PE-11: Emergency Power
PE-9: Power Equipment and Cabling
PM-8: Critical Infrastructure Plan
SC-37: Out-of-band Channels
SC-36: Distributed Processing and Storage
SC-40: Wireless Link Protection
SC-25: Thin Nodes
SC-32: System Partitioning
SC-20: Secure Name/address Resolution Service (authoritative Source)
SC-22: Architecture and Provisioning for Name/address Resolution Service
AC-18: Wireless Access
SC-19: Voice Over Internet Protocol
SC-23: Session Authenticity
SC-41: Port and I/O Device Access
SC-39: Process Isolation
AC-17: Remote Access

Showing 1 to 50 of 56 entries

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.

Search:

ATT&CK ID	Title	Associated Tactics
T1114.002	Remote Email Collection	Collection
T1557.002	ARP Cache Poisoning	Collection, Credential Access
T1003	OS Credential Dumping	Credential Access
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1020.001	Traffic Duplication	Exfiltration
T1558	Steal or Forge Kerberos Tickets	Credential Access
T1565.001	Stored Data Manipulation	Impact
T1602.002	Network Device Configuration Dump	Collection
T1070.001	Clear Windows Event Logs	Defense Evasion
T1565.002	Transmitted Data Manipulation	Impact
T1070.002	Clear Linux or Mac System Logs	Defense Evasion
T1557	Adversary-in-the-Middle	Collection, Credential Access
T1558.004	AS-REP Roasting	Credential Access
T1659	Content Injection	Command and Control, Initial Access
T1114	Email Collection	Collection
T1565	Data Manipulation	Impact
T1602.001	SNMP (MIB Dump)	Collection
T1040	Network Sniffing	Credential Access, Discovery
T1552	Unsecured Credentials	Credential Access
T1602	Data from Configuration Repository	Collection
T1558.002	Silver Ticket	Credential Access
T1114.001	Local Email Collection	Collection
T1119	Automated Collection	Collection
T1114.003	Email Forwarding Rule	Collection
T1003.003	NTDS	Credential Access
T1552.004	Private Keys	Credential Access
T1070	Indicator Removal	Defense Evasion
T1649	Steal or Forge Authentication Certificates	Credential Access
T1530	Data from Cloud Storage	Collection
T1558.003	Kerberoasting	Credential Access

Showing 1 to 30 of 30 entries

CAF Outcome B3.b: Data in Transit

Cyber Threat Graph Context

NCSC CAF Mapped to NIST CSF

ATT&CK Mitigations

Encrypt Sensitive Information

Related ISA/IEC 62443 Controls

Information confidentiality (SR 4.1)

Strength of public key authentication (SR 1.9)

Communication integrity (SR 3.1)

Use of cryptography (SR 4.3)

Authenticator management (SR 1.5)

Protect connections (4.3.3.3.6)

Related ISO 27001 Controls

Protecting application services transactions (14.1.3)

Securing application services on public networks (14.1.2)

Electronic messaging (13.2.3)

Cabling security (11.2.3)

Physical security perimeter (11.1.1)

Related SP800-53 Controls

MITRE ATT&CK Techniques