DATA-6 Data In-Transit Encryption


What is DATA-6 Data In-Transit Encryption Control?

Data in Transit Encryption refers to the process of encrypting data while it is being transferred between systems, networks, or devices. This control is about ensuring that data remains secure and unreadable to unauthorized parties while it is moving from one location to another, thereby protecting it from interception or eavesdropping.

Available tools in the marketplace

  • SSL/TLS tools: Secure internet communications.
  • VPN services: Provide encrypted tunnels for secure data transfer.
  • Email encryption tools: Secure email communications.
  • Cloud service providers: Offer built-in encryption for data in transit.
  • Network encryption tools: Encrypt data on corporate networks.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.

To implement this control manually:

  1. Assess data flow: understand how and where data moves in your organization.
  2. Choose the right tools: select appropriate encryption tools based on data type and transfer methods.
  3. Configure the encryption: set up and configure the chosen encryption tools.
  4. Train your staff: educate them on secure data handling practices.

What evidence do auditors look for?

Auditors could request any of the following:

  • Encryption Policies and Procedures: Documentation outlining the organization’s encryption practices.
  • Configuration Records: Proof of encryption configurations and settings.
  • Logs and Monitoring Records: Evidence of ongoing monitoring and logging of data transfers.

However, most auditors, at a minimum, look for the suggested action below:

  1. Provide a screenshot of the configuration settings showing that data in transit encryption is enabled.

Evidence example

From the suggested action above, an example is provided below.

  1. Provide the configuration of data in transit encryption
    An example of a configuration for data in transit encryption is setting up Secure Sockets Layer (SSL) or Transport Layer Security (TLS) on a web server.
    Apache server configuration example showing the path to the certificate and key:

        # Enable TLS for this server or virtual host
        SSLEngine on
        SSLCertificateFile /path/to/your_certificate.crt
        SSLCertificateKeyFile /path/to/your_private.key
        # Obsolete since Apache 2.4.8, where SSLCertificateFile can also hold the intermediate certificates
        SSLCertificateChainFile /path/to/CA_bundle.crt

    Redirect rule showing HTTP traffic routed to HTTPS:

        # Send any request that did not arrive over HTTPS to the HTTPS URL
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
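
As an added example (not TrustCloud's or the page's own code), the Python script below checks an Apache configuration for the directives shown in the evidence example above, so the evidence can be regenerated as text output alongside a screenshot. It assumes the directives sit inside `<VirtualHost>` blocks and that the TLS virtual host listens on port 443; the sample configuration is constructed, and `audit` and `parse_directives` are hypothetical names.

```python
import re

# Constructed sample: the page's directives inside two assumed virtual hosts.
SAMPLE_CONF = """\
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/your_certificate.crt
    # SSLCertificateKeyFile /path/to/your_private.key
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_directives(body):
    """Return {directive_lowercase: [argument strings]}, skipping comments."""
    found = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, *rest = line.split(None, 1)
        found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit(conf_text):
    """Return [(vhost address, finding)] for gaps in the in-transit evidence."""
    findings = []
    for addr, body in VHOST_RE.findall(conf_text):
        d = parse_directives(body)
        # Assumption: the TLS virtual host is the one bound to port 443.
        if addr.strip().endswith(":443"):
            if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
                findings.append((addr, "SSLEngine is not on"))
            for needed in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if needed.lower() not in d:
                    findings.append((addr, f"{needed} not set"))
        else:
            rewrite_on = any(a.lower() == "on" for a in d.get("rewriteengine", []))
            to_https = any("https://" in a for a in d.get("rewriterule", []))
            redirect = any("https://" in a for a in d.get("redirect", []))
            if not ((rewrite_on and to_https) or redirect):
                findings.append((addr, "no HTTP to HTTPS redirect"))
    return findings

print(audit(SAMPLE_CONF))
```

A private key stored inside the certificate file is reported as `SSLCertificateKeyFile not set` and needs a manual look.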
