CAF Outcome B3.b: Data in Transit

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties.

NCSC CAF Mapped to NIST CSF

Mappings from B3.b: Data in Transit to NIST CSF subcategories, generated from the UK Cabinet Office's mapping table. The subcategory identifiers and descriptions are those of CSF v1.1; CSF 2.0 renumbers them (for example PR.DS-2 becomes PR.DS-02), so check the version before reusing these IDs in a control register.

Control ID  Description
PR.DS-2     Data-in-transit is protected
DE.AE-1     A baseline of network operations and expected data flows for users and systems is established and managed
PR.DS-5     Protections against data leaks are implemented
PR.IP-5     Policy and regulations regarding the physical operating environment for organizational assets are met
PR.DS-4     Adequate capacity to ensure availability is maintained
PR.DS-6     Integrity checking mechanisms are used to verify software, firmware, and information integrity
PR.AC-5     Network integrity is protected (e.g., network segregation, network segmentation)
PR.PT-5     Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
ID.BE-4     Dependencies and critical functions for delivery of critical services are established
PR.PT-4     Communications and control networks are protected
ID.AM-3     Organizational communication and data flows are mapped

ATT&CK Mitigations

MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Information confidentiality (SR 4.1)
    ISA/IEC 62443-3-3:2013
  • Strength of public key authentication (SR 1.9)
    ISA/IEC 62443-3-3:2013
  • Communication integrity (SR 3.1)
    ISA/IEC 62443-3-3:2013
  • Use of cryptography (SR 4.3)
    ISA/IEC 62443-3-3:2013
  • Authenticator management (SR 1.5)
    ISA/IEC 62443-3-3:2013
  • Protect connections (4.3.3.3.6)
    ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Protecting application services transactions (14.1.3)
    ISO 27001:2013
  • Securing application services on public networks (14.1.2)
    ISO 27001:2013
  • Electronic messaging (13.2.3)
    ISO 27001:2013
  • Cabling security (11.2.3)
    ISO 27001:2013
  • Physical security perimeter (11.1.1)
    ISO 27001:2013

Related SP800-53 Controls

Generated from NIST's SP 800-53 to CSF crosswalk mappings. Control titles follow SP 800-53 Rev. 5 naming; note that SA-14 (Criticality Analysis) and SC-19 (Voice over Internet Protocol) are withdrawn in Rev. 5, so treat those two entries as legacy references.

SC-11: Trusted Path
SC-8: Transmission Confidentiality and Integrity
SC-12: Cryptographic Key Establishment and Management
SI-4: System Monitoring
CA-3: Information Exchange
CM-2: Baseline Configuration
AC-4: Information Flow Enforcement
PE-19: Information Leakage
SC-31: Covert Channel Analysis
AC-5: Separation of Duties
AC-6: Least Privilege
SC-7: Boundary Protection
PS-6: Access Agreements
SC-13: Cryptographic Protection
PS-3: Personnel Screening
PE-13: Fire Protection
PE-14: Environmental Controls
PE-15: Water Damage Protection
PE-10: Emergency Shutoff
PE-18: Location of System Components
PE-12: Emergency Lighting
SC-5: Denial-of-service Protection
CP-2: Contingency Plan
AU-4: Audit Log Storage Capacity
SC-16: Transmission of Security and Privacy Attributes
SI-7: Software, Firmware, and Information Integrity
AC-10: Concurrent Session Control
SC-6: Resource Availability
CP-8: Telecommunications Services
CP-11: Alternate Communications Protocols
CP-13: Alternative Security Mechanisms
PL-8: Security and Privacy Architectures
SA-14: Criticality Analysis
CP-7: Alternate Processing Site
PE-11: Emergency Power
PE-9: Power Equipment and Cabling
PM-8: Critical Infrastructure Plan
SC-37: Out-of-band Channels
SC-36: Distributed Processing and Storage
SC-40: Wireless Link Protection
SC-25: Thin Nodes
SC-32: System Partitioning
SC-20: Secure Name/Address Resolution Service (Authoritative Source)
SC-22: Architecture and Provisioning for Name/Address Resolution Service
AC-18: Wireless Access
SC-19: Voice Over Internet Protocol
SC-23: Session Authenticity
SC-41: Port and I/O Device Access
SC-39: Process Isolation
AC-17: Remote Access
SC-29: Heterogeneity
SC-21: Secure Name/Address Resolution Service (Recursive or Caching Resolver)
SC-24: Fail in Known State
SC-38: Operations Security
SC-43: Usage Restrictions
CA-9: Internal System Connections

MITRE ATT&CK Techniques

MITRE ATT&CK techniques this outcome helps to protect against, derived from Ofgem's mappings of the outcome to ATT&CK mitigations.

ATT&CK ID   Title                                       Associated Tactics
T1114.002   Remote Email Collection                     Collection
T1557.002   ARP Cache Poisoning                         Collection, Credential Access
T1003       OS Credential Dumping                       Credential Access
T1550.001   Application Access Token                    Defense Evasion, Lateral Movement
T1020.001   Traffic Duplication                         Exfiltration
T1558       Steal or Forge Kerberos Tickets             Credential Access
T1565.001   Stored Data Manipulation                    Impact
T1602.002   Network Device Configuration Dump           Collection
T1070.001   Clear Windows Event Logs                    Defense Evasion
T1565.002   Transmitted Data Manipulation               Impact
T1070.002   Clear Linux or Mac System Logs              Defense Evasion
T1557       Adversary-in-the-Middle                     Collection, Credential Access
T1558.004   AS-REP Roasting                             Credential Access
T1659       Content Injection                           Command and Control, Initial Access
T1114       Email Collection                            Collection
T1565       Data Manipulation                           Impact
T1602.001   SNMP (MIB Dump)                             Collection
T1040       Network Sniffing                            Credential Access, Discovery
T1552       Unsecured Credentials                       Credential Access
T1602       Data from Configuration Repository          Collection
T1558.002   Silver Ticket                               Credential Access
T1114.001   Local Email Collection                      Collection
T1119       Automated Collection                        Collection
T1114.003   Email Forwarding Rule                       Collection
T1003.003   NTDS                                        Credential Access
T1552.004   Private Keys                                Credential Access
T1070       Indicator Removal                           Defense Evasion
T1649       Steal or Forge Authentication Certificates  Credential Access
T1530       Data from Cloud Storage                     Collection
T1558.003   Kerberoasting                               Credential Access