SC-08-727 Transmission Confidentiality and Integrity
Transmission Confidentiality and Integrity
SC-08-727
Transmission Confidentiality and Integrity
System and Communications Protection
Identify, Protect
Privacy and Confidentiality, System Communications Protection
MOD, HIGH
P1
Yes
May 20, 2016
All traffic egressing from the Agency's protected network that is not specifically designated as public information shall be natively encrypted or traverse an Agency controlled encrypted point-to-point tunnel to its destination.
Files may be disclosed or modified by unauthorized parties as they are transferred.
The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.
The organization utilizes cryptographic mechanisms to protect the integrity of transmissions.
Confidential information that is transmitted over a public network (e.g.: the Internet) must be encrypted with, at minimum a 128-bit encryption algorithm. An organization may also choose to implement encryption for other data classifications.
Obtain system and communications protection policy; procedures addressing transmission integrity; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if:
(I)the information system protects the integrity of transmitted information.
(ii)the information system employs cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.