Encrypt Data for Transmission | CCC

Skip to main content

CCC.Core.C01: Encrypt Data for Transmission

Control ID:CCC.Core.C01

Title:Encrypt Data for Transmission

Objective:Ensure that all communications are encrypted in transit to protect data integrity and confidentiality.

Control Family:

Data

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH02	Data is Intercepted in Transit	Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data.	1	1	0

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
CCM	CEK-03	5	Data Encryption (in transit and at rest)
CCM	CEK-04	10	Key Management (use strong encryption)
CCM	IVS-03	2	Network Security (monitor, encrypt, restrict)
CCM	IVS-07	2	Migration to Cloud Environments (encrypt when migrating servers)
NIST-CSF	PR.DS-02	0	-
ISO_27001	2013 A.13.1.1	0	-
NIST_800_53	SC-8	0	-
NIST_800_53	SC-13	0	-

Assessment Requirements

ID	Description	Applicability
CCC.Core.C01.TR01	When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.3 or higher.	tlp-green tlp-amber tlp-red
CCC.Core.C01.TR02	When a port is exposed for SSH network traffic, all traffic MUST include a SSH handshake AND be encrypted using SSHv2 or higher.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C01.TR03	When the service receives unencrypted traffic, then it MUST either block the request or automatically redirect it to the secure equivalent.	tlp-green tlp-amber tlp-red
CCC.Core.C01.TR07	When a port is exposed, the service MUST ensure that the protocol and service officially assigned to that port number by the IANA Service Name and Transport Protocol Port Number Registry, and no other, is run on that port.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C01.TR08	When a service transmits data using TLS, mutual TLS (mTLS) MUST be implemented to require both client and server certificate authentication for all connections.	tlp-amber tlp-red