NIST SPECIAL PUBLICATION 1800-28

---

Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

Data Confidentiality:

Identifying and Protecting Assets Against Data Breaches

---

Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)

William Fisher

R. Eugene Craft

Michael Ekstrom

Julian Sexton

John Sweetnam

February 2024

FINAL

This publication is available free of charge from https://doi.org/10.6028/NIST.SP.1800-28

The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/data-confidentiality-identifying-and-protecting-assets-against-data-breaches

NIST SPECIAL PUBLICATION 1800-28

Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)

William Fisher

National Cybersecurity Center of Excellence

NIST

R. Eugene Craft

Michael Ekstrom

Julian Sexton

John Sweetnam

The MITRE Corporation

McLean, Virginia

FINAL

February 2024

U.S. Department of Commerce

Gina M. Raimondo, Secretary

National Institute of Standards and Technology

Laurie E. Locascio, NIST Director and Under Secretary of Commerce for Standards and Technology

Volume A

• Executive Summary
  • Challenge
  • Benefits
  • Approach
  • How to Use This Guide
  • Share Your Feedback
  • Collaborators

Volume B

• 1 Summary
  • 1.1 Challenge
  • 1.2 Solution
  • 1.3 Benefits
• 2 How to Use This Guide
  • 2.1 Typographic Conventions
• 3 Approach
  • 3.1 Audience
  • 3.2 Scope
  • 3.3 Assumptions
  • 3.4 Privacy Considerations
  • 3.5 Risk Assessment
    • 3.5.1 Security Risk Assessment
    • 3.5.2 Privacy Risk Assessment
  • 3.6 Technologies
• 4 Architecture
• 5 Security & Privacy Characteristic Analysis
  • 5.1 Assumptions and Limitations
  • 5.2 Security Scenarios
    • 5.2.1 Exfiltration of Encrypted Data
    • 5.2.2 Spear Phishing Campaign
    • 5.2.3 Ransomware
    • 5.2.4 Accidental Email
    • 5.2.5 Lost Laptop
    • 5.2.6 Privilege Misuse
    • 5.2.7 Eavesdropping
  • 5.3 Privacy Scenarios
    • 5.3.1 User Login with Multifactor Authentication
    • 5.3.2 Authentication to Virtual Desktop Interface Solution
    • 5.3.3 Automated Data Movement with Data Management Solution
    • 5.3.4 Monitoring by Logging Solution
    • 5.3.5 User Web Browsing with Browser Isolation Solution
• 6 Future Build Considerations
• Appendix A List of Acronyms
• Appendix B Glossary
• Appendix C References
• Appendix D Security Control Map
• Appendix E Privacy Control Map

Volume C

• 1 Introduction
  • 1.1 How to Use this Guide
  • 1.2 Build Overview
  • 1.3 Typographic Conventions
  • 1.4 Logical Architecture Summary
• 2 Product Installation Guides
  • 2.1 FireEye Helix
    • 2.1.1 Installing the Communications Broker - CentOS 7
    • 2.1.2 Forwarding Event Logs from Windows 2012 R2
  • 2.2 Symantec Cloud Secure Web Gateway
    • 2.2.1 Configure Web Security Service (WSS)
    • 2.2.2 Install Proxy Certificates and enabling TLS/SSL Interception
    • 2.2.3 Configure Symantec Web Security Service Proxy
  • 2.3 PKWARE PKProtect
    • 2.3.1 Configure PKWARE with Active Directory
    • 2.3.2 Create a New Administrative User
    • 2.3.3 Install Prerequisites
    • 2.3.4 Install the PKProtect Agent
    • 2.3.5 Configure Discovery and Reporting
  • 2.4 StrongKey Tellaro
    • 2.4.1 Python Client for StrongKey – Windows Executable Creation and Use
  • 2.5 Qcor ForceField
    • 2.5.1 Installation and Usage of ForceField
  • 2.6 Avrio SIFT
    • 2.6.1 Configuring Avrio SIFT
  • 2.7 Cisco Duo
    • 2.7.1 Installing Cisco Duo
    • 2.7.2 Registering a Duo User
  • 2.8 Dispel
    • 2.8.1 Installation
    • 2.8.2 Configuring IP Addresses
    • 2.8.3 Configuring Network
    • 2.8.4 Adding a Device
  • 2.9 Integration: FireEye Helix and Symantec SWG
    • 2.9.1 Configure Fireye Helix to Collect Logs from Symantec SWG
  • 2.10 Integration: FireEye Helix and PKWARE PKProtect
    • 2.10.1 Configure the Helix Communications Broker
    • 2.10.2 Configure PKWARE PKProtect to Forward Events
  • 2.11 Integration: FireEye Helix and Cisco Duo
    • 2.11.1 Configure Fireye Helix to Collect Logs from Cisco Duo
  • 2.12 Integration: FireEye Helix and QCOR ForceField
    • 2.12.1 Configure an Secure File Transfer Protocol (SFTP) server on Windows
    • 2.12.2 Configure the Linux Machine to Download and Send Logs to the Helix Communications Broker
  • 2.13 Integration: FireEye Helix and Dispel
  • 2.14 Integration: Avrio SIFT and PKWARE PKProtect
    • 2.14.1 Configuring PKWARE PKProtect
  • 2.15 Integration: Dispel and Cisco Duo
• Appendix A List of Acronyms