CAF Outcome B3.c: Stored Data

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have protected stored data important to the operation of the essential function.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

B3.c: Stored Data to CSF mappings generated from UK Cabinet Office table.

ATT&CK Mitigations

MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Public key infrastructure (PKI) certificates (SR 1.8)
    ISA/IEC 62443-3-3:2013
  • Control system backup (SR 7.3)
    ISA/IEC 62443-3-3:2013
  • Authenticator management (SR 1.5)
    ISA/IEC 62443-3-3:2013
  • Use of cryptography (SR 4.3)
    ISA/IEC 62443-3-3:2013
  • Software and information integrity (SR 3.4)
    ISA/IEC 62443-3-3:2013
  • Information confidentiality (SR 4.1)
    ISA/IEC 62443-3-3:2013
  • Strength of public key authentication (SR 1.9)
    ISA/IEC 62443-3-3:2013
  • Protect assets against environmental damage (4.3.3.3.4)
    ISA/IEC 62443-2-1:2009
  • Provide entry controls (4.3.3.3.3)
    ISA/IEC 62443-2-1:2009
  • Establish physical security perimeters (4.3.3.3.2)
    ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Access control to program source code (9.4.5)
    ISO 27001:2013
  • Information backup (12.3.1)
    ISO 27001:2013
  • System acceptance testing (14.2.9)
    ISO 27001:2013
  • Physical security perimeter (11.1.1)
    ISO 27001:2013
  • Protection of records (18.1.3)
    ISO 27001:2013
  • Privacy and protection of personally identifiable information (18.1.4)
    ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.