Control Compliance Suite (CCS)
How is the CCS data is protected and encrypted in the core infrastructure including data transmissions for collecting and evaluating data?
Release : 12.5.2 and 12.6.0
Last updated June 24, 2022
CCS uses Microsoft Windows communication foundation (WCF) to ensure a secured communication between CCS components like console, Application server and Data processing service. CCS also uses OpenSSL 1.1.1n for Secure Communication.
1) All the symmetric and asymmetric encryption algorithms and key lengths and how the algorithms are used are in the chart below.
Cipher/Algorithm Name |
Key Length(s) |
Mode(s) |
Purpose |
AES |
256 |
Block Mode |
Encrypt and Decrypt - data, keys and credentials. |
RSA(+RSA-PKCS1-KeyEx) |
1024,2048 |
|
Used for authenticating the agents and managers (handshake mechanism) |
X509 certificates with RSA asymmetric algorithm |
2048, 3072, 4096 |
|
Encrypt and Decrypt – files (Agent remote Upgrade - APU) |
2) How encryption keys are generated or managed by CCS:
Algorithm |
Modulus sizes supported |
Purpose |
Elliptic Curve Key Generation |
256, 233 |
Authentication, Access Control, Hashing |
Diffie-Hellman |
512,1024,2048,4096 |
Authentication, Access Control, Hashing |
3) All communication protocols used:
Protocol
|
How Used |
SSH |
Client-Server Communication |
SHA 2 |
Hashing |
X509 certificates |
PKCS standards in Remote Agent update APU |
HTTPS, TLS 1.2, TLS 1.1, TLS 1.0 |
Client-Server Communication. Uses only TLS 1.2 as default. But supports TLS 1.0 & 1.1 for backward compatibility. |