CCC.Core.C01: Encrypt Data for Transmission

Control ID: CCC.Core.C01
Title: Encrypt Data for Transmission
Objective: Ensure that all communications are encrypted in transit to protect data integrity and confidentiality.
Control Family: Data

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| CCM | CEK-03 | 5 | Data Encryption (in transit and at rest) |
| CCM | CEK-04 | 10 | Key Management (use strong encryption) |
| CCM | IVS-03 | 2 | Network Security (monitor, encrypt, restrict) |
| CCM | IVS-07 | 2 | Migration to Cloud Environments (encrypt when migrating servers) |
| NIST-CSF | PR.DS-02 | 0 | - |
| ISO_27001 | 2013 A.13.1.1 | 0 | - |
| NIST_800_53 | SC-8 | 0 | - |
| NIST_800_53 | SC-13 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Core.C01.TR01 | When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.3 or higher. | tlp-green, tlp-amber, tlp-red |
| CCC.Core.C01.TR02 | When a port is exposed for SSH network traffic, all traffic MUST include an SSH handshake AND be encrypted using SSHv2 or higher. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C01.TR03 | When the service receives unencrypted traffic, then it MUST either block the request or automatically redirect it to the secure equivalent. | tlp-green, tlp-amber, tlp-red |
| CCC.Core.C01.TR07 | When a port is exposed, the service MUST ensure that the protocol and service officially assigned to that port number by the IANA Service Name and Transport Protocol Port Number Registry, and no other, is run on that port. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C01.TR08 | When a service transmits data using TLS, mutual TLS (mTLS) MUST be implemented to require both client and server certificate authentication for all connections. | tlp-amber, tlp-red |
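
One way to evaluate TR01 and TR02 from the first bytes a service sends back on an exposed port. This is an added example, not part of the control catalog or its tooling; the function names are hypothetical and the sample ServerHello bytes are constructed. A TLS 1.3 ServerHello carries 0x0303 in its legacy version field, so the check reads the supported_versions extension instead.

```python
import struct

TLS13 = 0x0304
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 section 4.2.1

def server_hello_version(data: bytes):
    """Negotiated TLS version from a ServerHello record, or None if not one."""
    # Record: type 22 (handshake), version(2), length(2); then handshake type 2.
    if len(data) < 9 or data[0] != 22 or data[5] != 2:
        return None
    body = data[9:9 + int.from_bytes(data[6:9], "big")]
    try:
        version = struct.unpack_from("!H", body, 0)[0]  # legacy_version
        pos = 2 + 32                   # skip legacy_version and random
        pos += 1 + body[pos]           # session id echo
        pos += 3                       # cipher_suite(2) + compression(1)
        if pos >= len(body):
            return version             # no extensions: TLS 1.2 or older
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == EXT_SUPPORTED_VERSIONS:
                # TLS 1.3 reports 0x0303 above and the real version here.
                return struct.unpack_from("!H", body, pos + 4)[0]
            pos += 4 + ext_len
        return version
    except (struct.error, IndexError):
        return None                    # truncated or malformed

def assess_first_bytes(data: bytes):
    """Return (requirement id, passed) for the first bytes a port sends back."""
    if data.startswith(b"SSH-"):
        # "SSH-1.99-" also accepts SSHv1 (RFC 4253 section 5.1); failing it
        # is this example's reading of TR02, not wording from the control.
        return ("CCC.Core.C01.TR02", data.split(b"-", 2)[1] == b"2.0")
    version = server_hello_version(data)
    return ("CCC.Core.C01.TR01", version is not None and version >= TLS13)

def sample_server_hello(selected=None) -> bytes:
    """Constructed ServerHello; TLS 1.3 when `selected` is given, else 1.2."""
    suite = b"\x13\x01" if selected else b"\xc0\x2f"
    body = b"\x03\x03" + bytes(32) + b"\x00" + suite + b"\x00"
    if selected:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

A plaintext reply such as an HTTP status line is reported as a TR01 failure because no TLS handshake is present.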