Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CEK-03 | Data Encryption | mitigates | T1550.001 | Application Access Token | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, such as OAuth access tokens used in a cloud-based email service. File encryption across email communications containing sensitive information that may be obtained through access to email services can help prevent adversaries from stealing application access tokens. |
| CEK-03 | Data Encryption | mitigates | T1557.002 | ARP Cache Poisoning | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Ensuring that all wireless traffic is encrypted appropriately can safeguard ARP traffic and mitigate adversary use of ARP cache poisoning. |
| CEK-03 | Data Encryption | mitigates | T1669 | Wi-Fi Networks | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Ensuring that cloud-managed Wi-Fi or cloud-based networking traffic is encrypted appropriately can mitigate adversary exploitation of Wi-Fi networks. |
| CEK-03 | Data Encryption | mitigates | T1552.004 | Private Keys | This control provides cryptographic protection for data-at-rest within the cloud environment. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system. |
| CEK-03 | Data Encryption | mitigates | T1552 | Unsecured Credentials | This control provides cryptographic protection for data-at-rest within the cloud environment. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system. |
| CEK-03 | Data Encryption | mitigates | T1649 | Steal or Forge Authentication Certificates | This control provides cryptographic protection for data-at-rest within the cloud environment. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. Ensuring that certificates and their associated private keys are appropriately secured, and enforcing HTTPS, can help prevent adversaries from stealing or forging certificates used for authentication. |
| CEK-03 | Data Encryption | mitigates | T1565.002 | Transmitted Data Manipulation | This control provides cryptographic protection for data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important data flows reduces the impact of adversary-tailored data modifications. |
| CEK-03 | Data Encryption | mitigates | T1565.001 | Stored Data Manipulation | This control provides cryptographic protection for data-at-rest within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary's ability to perform tailored data modifications. |
| CEK-03 | Data Encryption | mitigates | T1565 | Data Manipulation | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary's ability to perform tailored data modifications. |
| CEK-03 | Data Encryption | mitigates | T1020.001 | Traffic Duplication | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Ensuring that all wireless traffic is encrypted appropriately can mitigate adversary abuse of traffic mirroring for redirection of network traffic and automated data exfiltration. |
| CEK-03 | Data Encryption | mitigates | T1119 | Automated Collection | This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption and off-system storage of sensitive information ensure the confidentiality of data and can help to mitigate adversary use of automated techniques for collecting data and files. |
| CEK-03 | Data Encryption | mitigates | T1557 | Adversary-in-the-Middle | This control provides cryptographic protection for data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Ensuring that all wireless traffic is encrypted appropriately can safeguard data and mitigate adversary-in-the-middle activities such as information collection. |
| CEK-03 | Data Encryption | mitigates | T1213 | Data from Information Repositories | This control provides cryptographic protection for data-at-rest within the cloud environment. Encrypting data stored at rest in information repositories ensures the confidentiality of data and can mitigate adversary access to information of value, such as sensitive documents or data that may aid their further objectives. |
| CEK-03 | Data Encryption | mitigates | T1530 | Data from Cloud Storage | This control provides mechanisms for encryption of at-rest data and for managing encryption keys securely, ensuring they are regularly rotated and not exposed to unauthorized parties. Encrypting data stored at rest in cloud storage and rotating managed encryption keys can mitigate adversary access to data from cloud storage. |