NIST CSF: PR.DS-2 Subcategory
From NIST's Cyber Security Framework (version 1):
Data-in-transit is protected
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Handling of assets (8.2.3)
ISO 27001:2013 -
Securing application services on public networks (14.1.2)
ISO 27001:2013 -
Information transfer policies and procedures (13.2.1)
ISO 27001:2013 -
Network controls (13.1.1)
ISO 27001:2013 -
Protecting application services transactions (14.1.3)
ISO 27001:2013 -
Electronic messaging (13.2.3)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Session integrity (SR 3.8)
ISA/IEC 62443-3-3:2013 -
Information persistence (SR 4.2)
ISA/IEC 62443-3-3:2013 -
Information confidentiality (SR 4.1)
ISA/IEC 62443-3-3:2013 -
Communication integrity (SR 3.1)
ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1550.004 | Web Session Cookie | Defense Evasion, Lateral Movement |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1602 | Data from Configuration Repository | Collection |
| T1552.007 | Container API | Credential Access |
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1090.004 | Domain Fronting | Command and Control |
| T1090 | Proxy | Command and Control |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1552.002 | Credentials in Registry | Credential Access |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1552 | Unsecured Credentials | Credential Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1573 | Encrypted Channel | Command and Control |
| T1552.001 | Credentials In Files | Credential Access |
| T1552.004 | Private Keys | Credential Access |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
| B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |
| B5.b | Design for Resilience | You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. |