Core / Ccc / Controls / v2025.10

Encrypt Data for Transmission

CCC.Core.CN01 · Encryption

Ensure that all communications are encrypted in transit to protect data integrity and confidentiality.

Related Capabilities

| ID | Title | Description |
|---|---|---|
| CCC.Core.CP08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. |
| CCC.Core.CP14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |

Related Threats

| ID | Title | Description |
|---|---|---|
| CCC.Core.TH02 | Data is Intercepted in Transit | Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data. |

Assessment Requirements

| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN01.AR01 | When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.3 or higher. | tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN01.AR02 | When a port is exposed for SSH network traffic, all traffic MUST include an SSH handshake AND be encrypted using SSHv2 or higher. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN01.AR03 | When the service receives unencrypted traffic, then it MUST either block the request or automatically redirect it to the secure equivalent. | tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN01.AR07 | When a port is exposed, the service MUST ensure that the protocol and service officially assigned to that port number by the IANA Service Name and Transport Protocol Port Number Registry, and no other, is run on that port. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN01.AR08 | When a service transmits data using TLS, mutual TLS (mTLS) MUST be implemented to require both client and server certificate authentication for all connections. | tlp-amber, tlp-red |
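
The applicability column decides which requirements bind at each TLP level. As an added example (not part of the catalog or of any project code), this Python check audits a server-side `ssl.SSLContext` against AR01 and AR08; the function names and the two sample contexts are constructed for illustration.

```python
import ssl

# Applicability copied from the Assessment Requirements table.
APPLICABILITY = {
    "CCC.Core.CN01.AR01": {"tlp-green", "tlp-amber", "tlp-red"},
    "CCC.Core.CN01.AR08": {"tlp-amber", "tlp-red"},
}


def _ar01_ok(ctx: ssl.SSLContext) -> bool:
    # AR01: nothing below TLS 1.3 may be negotiated.
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_3


def _ar08_ok(ctx: ssl.SSLContext) -> bool:
    # AR08: the server must demand a client certificate (mTLS).
    # CERT_OPTIONAL still admits clients that present no certificate.
    return ctx.verify_mode == ssl.CERT_REQUIRED


CHECKS = {"CCC.Core.CN01.AR01": _ar01_ok, "CCC.Core.CN01.AR08": _ar08_ok}


def failed_requirements(ctx: ssl.SSLContext, tlp: str) -> list[str]:
    """Return sorted IDs of the requirements that apply at `tlp` and fail."""
    return sorted(
        ar for ar, levels in APPLICABILITY.items()
        if tlp in levels and not CHECKS[ar](ctx)
    )


def compliant_server_context() -> ssl.SSLContext:
    # Constructed sample. A deployed server would also call
    # load_cert_chain() and load_verify_locations() with its own files.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    # Constructed sample: allows TLS 1.2 and never asks for a client cert.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

The same legacy context fails both requirements at tlp-red but only AR01 at tlp-green, because AR08 applies to tlp-amber and tlp-red only.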

Guideline Mappings

| Framework | ID | Remarks |
|---|---|---|
| CCM | CEK-03 | Data Encryption (in transit and at rest) |
| CCM | CEK-04 | Key Management (use strong encryption) |
| CCM | IVS-03 | Network Security (monitor, encrypt, restrict) |
| CCM | IVS-07 | Migration to Cloud Environments (encrypt when migrating servers) |