NIST 800-53 SC-8 Mappings

Protecting the confidentiality and integrity of transmitted information applies to internal and external networks as well as any system components that can transmit information, including servers, notebook computers, desktop computers, mobile devices, printers, copiers, scanners, facsimile machines, and radios. Unprotected communication paths are exposed to the possibility of interception and modification. Protecting the confidentiality and integrity of information can be accomplished by physical or logical means. Physical protection can be achieved by using protected distribution systems. A protected distribution system is a wireline or fiber-optics telecommunications system that includes terminals and adequate electromagnetic, acoustical, electrical, and physical controls to permit its use for the unencrypted transmission of classified information. Logical protection can be achieved by employing encryption techniques.

Organizations that rely on commercial providers who offer transmission services as commodity services rather than as fully dedicated services may find it difficult to obtain the necessary assurances regarding the implementation of needed controls for transmission confidentiality and integrity. In such situations, organizations determine what types of confidentiality or integrity services are available in standard, commercial telecommunications service packages. If it is not feasible to obtain the necessary controls and assurances of control effectiveness through appropriate contracting vehicles, organizations can implement appropriate compensating controls.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-8 Transmission Confidentiality and Integrity Protects T1020.001 Traffic Duplication
SC-8 Transmission Confidentiality and Integrity Protects T1040 Network Sniffing
SC-8 Transmission Confidentiality and Integrity Protects T1090 Proxy
SC-8 Transmission Confidentiality and Integrity Protects T1090.004 Domain Fronting
SC-8 Transmission Confidentiality and Integrity Protects T1550.001 Application Access Token
SC-8 Transmission Confidentiality and Integrity Protects T1550.004 Web Session Cookie
SC-8 Transmission Confidentiality and Integrity Protects T1552.007 Container API
SC-8 Transmission Confidentiality and Integrity Protects T1557 Adversary-in-the-Middle
SC-8 Transmission Confidentiality and Integrity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-8 Transmission Confidentiality and Integrity Protects T1557.002 ARP Cache Poisoning
SC-8 Transmission Confidentiality and Integrity Protects T1562.006 Indicator Blocking
SC-8 Transmission Confidentiality and Integrity Protects T1562.009 Safe Mode Boot
SC-8 Transmission Confidentiality and Integrity Protects T1602 Data from Configuration Repository
SC-8 Transmission Confidentiality and Integrity Protects T1602.001 SNMP (MIB Dump)
SC-8 Transmission Confidentiality and Integrity Protects T1602.002 Network Device Configuration Dump