SC-08-727 Transmission Confidentiality and Integrity

Transmission Confidentiality and Integrity

Control ID

SC-08-727

Control Name

Transmission Confidentiality and Integrity

Control Category

System and Communications Protection

Functional Areas

Identify, Protect

Sub-Areas

Privacy and Confidentiality, System Communications Protection

NIST Baseline Level(s)

MOD, HIGH

NIST Priority

State Implementation Required

Yes

Agency Last Implemented Date

May 20, 2016

Agency Implementation

All traffic egressing from the Agency's protected network that is not specifically designated as public information shall be natively encrypted or traverse an Agency controlled encrypted point-to-point tunnel to its destination.

Risk Statement

Files may be disclosed or modified by unauthorized parties as they are transferred.

Control Description

The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.

Control Example

The organization utilizes cryptographic mechanisms to protect the integrity of transmissions.

State Implementation

Confidential information that is transmitted over a public network (e.g.: the Internet) must be encrypted with, at minimum a 128-bit encryption algorithm. An organization may also choose to implement encryption for other data classifications.

Testing Procedures

Obtain system and communications protection policy; procedures addressing transmission integrity; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if: (I)the information system protects the integrity of transmitted information. (ii)the information system employs cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.