Subcontrol 15.7 - Githubissues

adammontville / cis-controls-71-measures

0 stars 0 forks source link

Subcontrol 15.7 #27

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.

Measures

M1 = AES Enabled wireless device(model driven)
M2 = Total wireless device

Metrics/KEI

Enforcement Quality = M1 / M2

At this point we care more about the measure than the platform-specific details. For WiFi devices, there will be configuration items we can get to one way or another.

apiperCIS commented 5 years ago

Question for UNCC: M1 suggests that you are only checking whether the wireless device supports AES. A device that supports AES might also support weaker crypto algorithms. Should this be checking that the device does not support any weaker algorithms? Or checking the actual wireless connections to the device to see that they are indeed using AES rather than one of the weaker options?

wmunyan commented 5 years ago

Inputs:

List of wireless devices
List of AES-enabled wireless devices

Operations:

For each AES-enabled wireless device, collect cipher suite configuration

Measures:

M1 = Number of AES-enabled devices supporting "less than AES" cipher suites
M2 = Number of AES-enabled devices

Metrics:

M1/M2 = percentage of AES-enabled devices with less than secure cipher suites available

adammontville commented 5 years ago

Inputs:

List of wireless devices
List of AES-capable wireless devices

Operations:

For each AES-capable wireless device, collect cipher suite configuration

Measures:

M1 = Number of AES-capable devices configured to use non-AES ciphers
M2 = Number of AES-capable devices

Metrics:

M1/M2 = percentage of AES-capable devices with less than secure cipher suites available