💼 SC-8 Transmission Confidentiality and Integrity

• ID: /frameworks/nist-sp-800-53-r5/sc/08

Description

Protect the [Selection (one or more): confidentiality; integrity] of transmitted information.

Similar

• Sections
  • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/10
  • /frameworks/aws-fsbp-v1.0.0/dms/09
  • /frameworks/aws-fsbp-v1.0.0/dms/12
  • /frameworks/aws-fsbp-v1.0.0/dynamodb/07
  • /frameworks/aws-fsbp-v1.0.0/eks/03
  • /frameworks/aws-fsbp-v1.0.0/elasticache/05
  • /frameworks/aws-fsbp-v1.0.0/elb/01
  • /frameworks/aws-fsbp-v1.0.0/elb/02
  • /frameworks/aws-fsbp-v1.0.0/elb/03
  • /frameworks/aws-fsbp-v1.0.0/elb/08
  • /frameworks/aws-fsbp-v1.0.0/elb/17
  • /frameworks/aws-fsbp-v1.0.0/emr/04
  • /frameworks/aws-fsbp-v1.0.0/es/03
  • /frameworks/aws-fsbp-v1.0.0/es/08
  • /frameworks/aws-fsbp-v1.0.0/msk/01
  • /frameworks/aws-fsbp-v1.0.0/opensearch/03
  • /frameworks/aws-fsbp-v1.0.0/opensearch/08
  • /frameworks/aws-fsbp-v1.0.0/redshift/02
  • /frameworks/aws-fsbp-v1.0.0/s3/05
  • /frameworks/aws-fsbp-v1.0.0/transfer-family/02
• Internal
  • ID: dec-c-2372cb0a

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.3] CloudFront distributions should require encryption in transit		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.10] CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.9] DMS endpoints should use SSL		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.12] DMS endpoints for Redis OSS should have TLS enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.7] DynamoDB Accelerator clusters should be encrypted in transit					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.3] EKS clusters should use encrypted Kubernetes secrets					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.5] ElastiCache replication groups should be encrypted in transit			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.2] Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS termination					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configuration					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.17] Application and Network Load Balancers with listeners should use recommended security policies					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EMR.4] Amazon EMR security configurations should be encrypted in transit			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.3] Elasticsearch domains should encrypt data sent between nodes			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MSK.1] MSK clusters should be encrypted in transit among broker nodes			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.3] OpenSearch domains should encrypt data sent between nodes			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.2] Connections to Amazon Redshift clusters should be encrypted in transit			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.2] Transfer Family servers should not use FTP protocol for endpoint connection					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 SC-8 Transmission Confidentiality and Integrity (L)(M)(H)	1	8	24		no data
💼 FedRAMP Low Security Controls → 💼 SC-8 Transmission Confidentiality and Integrity (L)(M)(H)	1		24		no data
💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected			156		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection		8	22		no data
💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			15		no data
💼 SC-8(3) Transmission Confidentiality and Integrity _ Cryptographic Protection for Message Externals					no data
💼 SC-8(4) Transmission Confidentiality and Integrity _ Conceal or Randomize Communications					no data
💼 SC-8(5) Transmission Confidentiality and Integrity _ Protected Distribution System					no data

Policies (15)

Policy	Logic Count	Flags	Compliance
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢	1	🟢 x6	no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢	1	🟢 x6	no data
🛡️ AWS ElastiCache Replication Group is not encrypted in-transit🟢	1	🟢 x6	no data
🛡️ AWS ELB Application Load Balancer is not configured to redirect HTTP to HTTPS🟢	1	🟢 x6	no data
🛡️ AWS EMR Cluster encryption is disabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS MSK Cluster Client-Broker Encryption is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain is not encrypted with the latest TLS policy🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain Node To Node Encryption is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Redshift Cluster is not required to use encryption in transit🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢	1	🟢 x6	no data
🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢	1	🟢 x6	no data