13.5: Monitor and Detect Any Unauthorized Use of Encryption
Monitor all traffic leaving the organization and detect any unauthorized use of encryption.
Asset Type | Security Function | Implementation Groups
---|---|---
Data | Detect | 3
Dependencies
Sub-control 2.1: Maintain Inventory of Authorized Software
Sub-control 12.1: Maintain an Inventory of Network Boundaries
Inputs
The list of authorized software
The list of network boundaries at the organization’s perimeter
Unauthorized encrypted connections
Operations
Enumerate all network monitoring systems in the software inventory (M1)
- For each network monitoring system
Enumerate the network boundaries covered by the system
Examine its configuration to confirm that the system is configured to monitor for unauthorized encrypted connections (M3 if it is, M4 if it is not)
Take the union of the network boundaries covered by any network monitoring system (i.e. create the set of covered network boundaries, M5)
Subtract the set of covered network boundaries from the list of network boundaries at the perimeter to identify all uncovered network boundaries (M6)
Measures
M1 = List of all network monitoring systems
M2 = List of network boundaries at the perimeter
M3 = List of appropriately configured network monitoring systems
M4 = List of inappropriately configured network monitoring systems
M5 = List of network boundaries covered by at least one network monitoring system
M6 = List of network boundaries not covered by at least one network monitoring system
M7 = Count of network monitoring systems (count of M1)
M8 = Count of network boundaries at the perimeter (count of M2)
M9 = Count of appropriately configured network monitoring systems (count of M3)
M10 = Count of inappropriately configured network monitoring systems (count of M4)
M11 = Count of network boundaries covered by at least one network monitoring system (count of M5)
M12 = Count of network boundaries not covered by at least one network monitoring system (count of M6)
Metrics
Network Monitoring Coverage
Metric | The ratio of appropriately configured network monitoring systems to the total number of network monitoring systems
Calculation | M9 / M7
Network Boundary Coverage
Metric | The ratio of covered network boundaries to the total number of network boundaries at the perimeter
Calculation | M11 / M8
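The Operations, Measures and Metrics above are a set computation over two inventories. The following is an added worked example in Python, not CIS material, that runs that computation end to end: it takes the network monitoring systems from the authorized-software inventory (Sub-control 2.1) and the perimeter boundary list (Sub-control 12.1), produces M1 through M12 and both ratios, and also goes slightly beyond the page in two ways that a practitioner usually wants. First, an optional `strict` mode counts a boundary as covered only when the covering system passed the configuration check, so a misconfigured sensor does not inflate Network Boundary Coverage. Second, boundaries that a sensor claims but that are absent from the perimeter inventory are reported separately as inventory drift rather than silently counted. The inventory records, field names (`MonitoringSystem`, `detects_unauthorized_tls`) and the `strict` and `unknown_boundaries` additions are assumptions made for this example; they are not a CIS schema.

```python
"""Worked measurement for CIS Sub-control 13.5 (added example, not CIS material).

Inputs mirror the page: the authorized-software inventory filtered to network
monitoring systems (Sub-control 2.1) and the list of network boundaries at the
perimeter (Sub-control 12.1). All records below are constructed for illustration
and the field names are assumptions, not a CIS schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class MonitoringSystem:
    name: str
    boundaries: frozenset           # perimeter boundaries this system watches
    detects_unauthorized_tls: bool  # result of the configuration check in Operations


def ratio(numerator: int, denominator: int):
    """Metric ratio as a float; None when there is nothing to measure."""
    return None if denominator == 0 else numerator / denominator


def measure(systems, perimeter_boundaries, strict=False):
    """Compute M1..M12 and the two metrics from the two inventories.

    strict=False follows the page: a boundary is covered if any monitoring
    system lists it. strict=True is an added variant that counts only systems
    that passed the configuration check (M3), so a misconfigured sensor cannot
    make an uncovered boundary look covered.
    """
    m2 = set(perimeter_boundaries)
    m3 = [s for s in systems if s.detects_unauthorized_tls]
    m4 = [s for s in systems if not s.detects_unauthorized_tls]
    counted = m3 if strict else list(systems)

    # Union of everything the counted sensors claim to watch ...
    claimed = set().union(*(s.boundaries for s in counted))
    # ... restricted to boundaries that exist in the 12.1 inventory (M5), and
    # the complement against that inventory (M6).
    m5 = claimed & m2
    m6 = m2 - claimed

    result = {
        "M1": sorted(s.name for s in systems),
        "M2": sorted(m2),
        "M3": sorted(s.name for s in m3),
        "M4": sorted(s.name for s in m4),
        "M5": sorted(m5),
        "M6": sorted(m6),
    }
    result["M7"] = len(result["M1"])
    result["M8"] = len(result["M2"])
    result["M9"] = len(result["M3"])
    result["M10"] = len(result["M4"])
    result["M11"] = len(result["M5"])
    result["M12"] = len(result["M6"])
    result["network_monitoring_coverage"] = ratio(result["M9"], result["M7"])
    result["network_boundary_coverage"] = ratio(result["M11"], result["M8"])
    # Added check: a sensor claiming a boundary the 12.1 inventory does not know
    # about means one of the two inventories is stale.
    result["unknown_boundaries"] = sorted(claimed - m2)
    return result


# Constructed sample inventories (not real infrastructure).
PERIMETER_BOUNDARIES = [
    "internet-edge-dc1",
    "internet-edge-dc2",
    "cloud-vpc-egress",
    "partner-extranet",
]

SYSTEMS = [
    MonitoringSystem("ids-dc1", frozenset({"internet-edge-dc1"}), True),
    MonitoringSystem("proxy-dc2", frozenset({"internet-edge-dc2"}), False),
    MonitoringSystem("vpc-mirror", frozenset({"cloud-vpc-egress", "legacy-dmz"}), True),
]


if __name__ == "__main__":
    for mode in (False, True):
        r = measure(SYSTEMS, PERIMETER_BOUNDARIES, strict=mode)
        print(f"strict={mode}")
        for key in ("M7", "M8", "M9", "M10", "M11", "M12"):
            print(f"  {key} = {r[key]}")
        print(f"  Network Monitoring Coverage = {r['network_monitoring_coverage']:.2f}")
        print(f"  Network Boundary Coverage   = {r['network_boundary_coverage']:.2f}")
        print(f"  uncovered boundaries        = {r['M6']}")
        print(f"  unknown boundaries          = {r['unknown_boundaries']}")
```

With the sample data the page's definition reports 3 of 4 boundaries covered even though `proxy-dc2` is misconfigured; `strict=True` drops to 2 of 4, which is the number that actually reflects detection capability. Reporting both, plus `unknown_boundaries`, keeps the metric honest and flags the inventory gap to fix in Sub-control 12.1.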