NIST CSF: PR.DS-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Data-in-transit is protected

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
SC-11: Trusted Path
SC-8: Transmission Confidentiality and Integrity
SC-12: Cryptographic Key Establishment and Management

Showing 1 to 3 of 3 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Handling of assets (8.2.3)
ISO 27001:2013
Securing application services on public networks (14.1.2)
ISO 27001:2013
Information transfer policies and procedures (13.2.1)
ISO 27001:2013
Network controls (13.1.1)
ISO 27001:2013
Protecting application services transactions (14.1.3)
ISO 27001:2013
Electronic messaging (13.2.3)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Session integrity (SR 3.8)
ISA/IEC 62443-3-3:2013
Information persistence (SR 4.2)
ISA/IEC 62443-3-3:2013
Information confidentiality (SR 4.1)
ISA/IEC 62443-3-3:2013
Communication integrity (SR 3.1)
ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1557	Adversary-in-the-Middle	Collection, Credential Access
T1040	Network Sniffing	Credential Access, Discovery
T1622	Debugger Evasion	Defense Evasion, Discovery
T1550.004	Web Session Cookie	Defense Evasion, Lateral Movement
T1557.001	LLMNR/NBT-NS Poisoning and SMB Relay	Collection, Credential Access
T1562.009	Safe Mode Boot	Defense Evasion
T1602	Data from Configuration Repository	Collection
T1552.007	Container API	Credential Access
T1562.006	Indicator Blocking	Defense Evasion
T1602.001	SNMP (MIB Dump)	Collection
T1090.004	Domain Fronting	Command and Control
T1090	Proxy	Command and Control
T1557.002	ARP Cache Poisoning	Collection, Credential Access
T1602.002	Network Device Configuration Dump	Collection
T1557.003	DHCP Spoofing	Collection, Credential Access
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1020.001	Traffic Duplication	Exfiltration
T1552.002	Credentials in Registry	Credential Access
T1573.002	Asymmetric Cryptography	Command and Control
T1072	Software Deployment Tools	Execution, Lateral Movement
T1552	Unsecured Credentials	Credential Access
T1563.001	SSH Hijacking	Lateral Movement
T1098.004	SSH Authorized Keys	Persistence, Privilege Escalation
T1573.001	Symmetric Cryptography	Command and Control
T1573	Encrypted Channel	Command and Control
T1552.001	Credentials In Files	Credential Access
T1552.004	Private Keys	Credential Access

Showing 1 to 27 of 27 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B3.b	Data in Transit	You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties.
B4.a	Secure by Design	You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability.
B5.b	Design for Resilience	You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.

Showing 1 to 3 of 3 entries

NIST CSF: PR.DS-2 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Handling of assets (8.2.3)

Securing application services on public networks (14.1.2)

Information transfer policies and procedures (13.2.1)

Network controls (13.1.1)

Protecting application services transactions (14.1.3)

Electronic messaging (13.2.3)

Related ISA/IEC 62443 Controls

Session integrity (SR 3.8)

Information persistence (SR 4.2)

Information confidentiality (SR 4.1)

Communication integrity (SR 3.1)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF