CRI Profile PR.DS-02.01

Data-in-transit is protected commensurate with the criticality and sensitivity of the information and in alignment with the data classification and protection policy (e.g., through the use of encryption, authentication, access control, masking, tokenization, and alternate transit paths).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
PR.DS-02.01 Data-in-transit protection Mitigates T1040 Network Sniffing
Comments
This diagnostic statement prevents adversaries from accessing data in transit over networks. Encrypting information and files by using authentication protocols, such as Kerberos, can ensure that web traffic that may contain credentials is protected by SSL/TLS.
PR.DS-02.01 Data-in-transit protection Mitigates T1565.002 Transmitted Data Manipulation
Comments
This diagnostic statement provides another layer of protection from adversaries trying to gain access to data that is en route to storage or other systems.
PR.DS-02.01 Data-in-transit protection Mitigates T1550.003 Pass the Ticket
Comments
This diagnostic statement provides protection against adversaries that may use stolen Kerberos tickets. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
PR.DS-02.01 Data-in-transit protection Mitigates T1550.002 Pass the Hash
Comments
This diagnostic statement provides protection against adversaries that may use stolen password hashes. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
PR.DS-02.01 Data-in-transit protection Mitigates T1550.001 Application Access Token
Comments
This diagnostic statement provides protection against adversaries that may bypass the authentication process and use stolen tokens. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
PR.DS-02.01 Data-in-transit protection Mitigates T1550 Use Alternate Authentication Material
Comments
This diagnostic statement provides protection against adversaries that may attack via alternate authentication methods. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.