How is CCS data protected and encrypted in the core infrastructure?

Article ID: 244667

Updated On:

Products

Control Compliance Suite Standards Server, Control Compliance Suite

Issue/Introduction

Control Compliance Suite (CCS)

How is CCS data protected and encrypted in the core infrastructure, including data transmissions for collecting and evaluating data?

Environment

Release: CCS 12.6.x

Resolution

CCS Encryption information:

Last updated June 24, 2022

CCS uses Microsoft Windows Communication Foundation (WCF) to secure communication between CCS components such as the console, Application Server and Data Processing Service. CCS also uses OpenSSL 1.1.1n for secure communication.

1) The chart below lists all symmetric and asymmetric encryption algorithms, their key lengths, and how the algorithms are used.

| Cipher/Algorithm Name | Key Length(s) | Mode(s) | Purpose |
|---|---|---|---|
| AES | 256 | Block Mode | Encrypt and Decrypt - data, keys and credentials. Digital signatures, encrypted channel for communication, Password encryption |
| RSA(+RSA-PKCS1-KeyEx) | 1024, 2048 | | Used for authenticating the agents and managers (handshake mechanism) |
| X509 certificates with RSA asymmetric algorithm | 2048, 3072, 4096 | | Encrypt and Decrypt – files (Agent remote Upgrade - APU) |

2) How encryption keys are generated or managed by CCS:

| Algorithm | Modulus sizes supported | Purpose |
|---|---|---|
| Elliptic Curve Key Generation | 256, 233 | Authentication, Access Control, Hashing |
| Diffie-Hellman | 512, 1024, 2048, 4096 | Authentication, Access Control, Hashing |

3) All communication protocols used:

| Protocol | How Used |
|---|---|
| SSH | Client-Server Communication |
| SHA 2 | Hashing |
| X509 certificates | PKCS standards in Remote Agent update APU |
| HTTPS, TLS 1.2, TLS 1.1, TLS 1.0 | Client-Server Communication. Uses only TLS 1.2 by default, but supports TLS 1.0 and 1.1 for backward compatibility. |