Industrial Internet Security Framework v 1.0 | Page 142
Security Framework
Annex C: Security Capabilities and Techniques Tables
| Objective: Confidentiality | Example Technique/Process | Example Requirements |
| --- | --- | --- |
| Confidentiality at endpoints | Encrypted data storage | Securely generated, distributed, and maintained keys; Protective storage of sensitive key material; Standardized and up-to-date encryption algorithms |
| Confidentiality of communication | Encrypted communication | Securely generated, distributed, and maintained keys; Standardized and up-to-date encryption algorithms |
| Confidentiality of management and monitoring operations and solutions | Encrypted communication | Endpoint confidentiality and communications confidentiality |
| Confidentiality of data in its lifecycle | Architectural confidentiality | Endpoint confidentiality; communications confidentiality; Confidentiality of management and monitoring |
| Mutual impact of confidentiality controls on other key system characteristics | Architectural confidentiality evaluation | Holistic security evaluation methodology; Domain-specific expertise |
| Mitigating impact of both insider and outsider attacks on confidentiality | Access control | Enforcing principle of least privilege; Granular access control policies |
Table C-4: Techniques and Processes for Enabling System Confidentiality
Availability, integrity, and confidentiality are generally referred to as core security objectives.
Other security objectives are often derived from one or more of these requirements. An
important example is access control. Because access control is so prominent in IIoT systems,
Table C-5 lists the techniques and processes associated with it.
IIC:PUB:G4:V1.0:PB:20160926