CAF – B3.b Data in Transit
This article provides additional information on how you can meet the requirement for the CAF control – B3.b Data in Transit.
Identifying and Protecting Data Links
Organisations should identify and protect all data links that transmit information essential to delivering managed services. This includes traffic between cloud platforms, client environments, remote management tools and internal systems.
Encryption and Secure Protocols
- All data in transit should be protected using industry-standard encryption technologies such as TLS, HTTPS, VPN tunnels, SSH and secure API integrations.
- Only trusted, modern protocols should be used, and important data should not be transmitted over unencrypted or unknown channels.
Protection on Public or Non-Trusted Networks
- When data travels over public or untrusted networks (e.g. the internet), technical controls should enforce encryption, certificate validation and secure authentication.
- Justified confidence in these protections should be maintained through vendor assurances, configuration reviews and regular vulnerability management.
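As an added example (not part of the CAF guidance itself), the following Python check expresses the public-network controls above as a reviewable client TLS configuration: certificate validation enforced, hostname checked against the certificate, and a modern protocol floor. It assumes TLS 1.2 as that floor and uses only the standard library `ssl` module.

```python
import ssl

# Assumption: "trusted, modern protocols" is read as a TLS 1.2 floor.
MIN_TLS = ssl.TLSVersion.TLSv1_2


def review_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return one finding per weakness in a client-side SSLContext.

    An empty list means the context enforces encryption with certificate
    validation, hostname checking and a protocol floor of at least TLS 1.2.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate validation not enforced (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate (check_hostname is False)")
    if ctx.minimum_version < MIN_TLS:
        findings.append(f"protocol floor below TLS 1.2 (minimum_version is {ctx.minimum_version.name})")
    return findings


def hardened_client_context() -> ssl.SSLContext:
    """Client context that passes review_tls_context()."""
    # create_default_context() loads the system CA store and sets
    # verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed example of a context a configuration review should flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate, including a forged one
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no protocol floor at all
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()), ("weak", weak_client_context())):
        print(name, review_tls_context(ctx) or "no findings")
```

The same check can be run against any SSLContext an application or integration library hands back, which makes it a simple input to the periodic configuration reviews the control asks for.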
Alternative Transmission Paths
- Where appropriate, organisations should maintain alternative transmission paths to reduce disruption risks. These may include multiple ISPs, redundant VPN routes and out-of-band channels.
Reviewing Data-in-Transit Protections
- Data-in-transit protections should be reviewed periodically and whenever integrations, systems or service delivery models change.