13.6: Encrypt Mobile Device Data

Sub-control 13.6 states that you must utilize approved cryptographic mechanisms to protect enterprise data stored on all mobile devices.

| Asset Type | Security Function | Implementation Groups |
|------------|-------------------|-----------------------|
| Data       | Protect           | 1, 2, 3               |

Dependencies

  • Sub-control 1.4: Maintain Detailed Asset Inventory

  • Sub-control 1.5: Maintain Asset Inventory Information

  • Sub-control 2.1: Maintain an Inventory of Authorized Software

  • Sub-control 5.1: Establish Secure Configurations

Inputs

  1. Approved mobile devices: The list of approved mobile devices. This is derived from the endpoint inventory (sub-control 1.4).
  2. Approved mobile device encryption software: The list of approved mobile device encryption software. Ideally, this is derived from the authorized software list (sub-control 2.1).
  3. Approved software configuration policy: For each software in I2, the approved software configuration policy.

Operations

  1. For each mobile device in I1, determine if any of the approved encryption software from I2 is installed.

  2. For each mobile device with installed approved encryption software, collect the software configuration information and compare it to the approved configuration policy (I3).

Measures

| Measure | Definition |
|---------|------------|
| M1 = List of approved mobile devices | A list of approved mobile devices. |
| M2 = Count of items in M1 | A count of the total number of items in M1. |
| M3 = List of approved mobile devices with approved encryption software installed | A list of approved mobile devices with approved encryption software installed. |
| M4 = Count of items in M3 | A count of the total number of items in M3. |
| M5 = List of approved mobile devices without approved encryption software installed | A list of approved mobile devices without approved encryption software installed. |
| M6 = Count of items in M5 | A count of the total number of items in M5. |
| M7 = List of appropriately configured mobile devices | A list of appropriately configured mobile devices. |
| M8 = Count of items in M7 | A count of the total number of items in M7. |
| M9 = List of inappropriately configured mobile devices | A list of inappropriately configured mobile devices. |
| M10 = Count of items in M9 | A count of the total number of items in M9. |

Metrics

Installed Software Coverage

| Metric | Calculation |
|--------|-------------|
| The percentage of approved mobile devices that are equipped with approved encryption software. | M4 / M2 |

Appropriately Configured Devices

| Metric | Calculation |
|--------|-------------|
| The percentage of approved mobile devices equipped with approved encryption software that meet or exceed the approved configuration policy. | M8 / M2 |
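
The operations, measures and metrics above can be evaluated mechanically once the three inputs and the per-device software data are available. The following Python sketch is an added example, not part of the sub-control text. The device IDs, product names, setting keys and the `collected` data shape are hypothetical. It assumes that "meet or exceed" means integer settings are minimums and all other settings must match exactly, that every installed approved product must pass its policy, and that M9 only contains devices from M3.

```python
# Added example on constructed data; device IDs, products and setting keys are hypothetical.

def meets(policy, config):
    """Integer policy values are minimums; everything else must match exactly."""
    for key, want in policy.items():
        have = config.get(key)
        if isinstance(want, int) and not isinstance(want, bool):
            if isinstance(have, bool) or not isinstance(have, int) or have < want:
                return False
        elif have != want:
            return False
    return True

def assess(i1, i2, i3, collected):
    """collected maps device ID -> {software name: configuration dict}."""
    m1 = sorted(set(i1))
    m3, m5, m7, m9 = [], [], [], []
    for dev in m1:
        # Operation 1: approved encryption products installed on this device.
        found = {s: c for s, c in collected.get(dev, {}).items() if s in i2}
        if not found:
            m5.append(dev)  # includes devices that reported no data
            continue
        m3.append(dev)
        # Operation 2 (assumption): every installed approved product must
        # satisfy its I3 policy; a product with no policy entry fails.
        ok = all(s in i3 and meets(i3[s], c) for s, c in found.items())
        (m7 if ok else m9).append(dev)
    m2 = len(m1)
    def pct(n):
        return round(100.0 * n / m2, 1) if m2 else None  # no devices: undefined
    return {"M1": m1, "M2": m2, "M3": m3, "M4": len(m3), "M5": m5, "M6": len(m5),
            "M7": m7, "M8": len(m7), "M9": m9, "M10": len(m9),
            "installed_software_coverage": pct(len(m3)),
            "appropriately_configured": pct(len(m7))}

# Constructed sample inputs (I1, I2, I3) and collected device data.
I1 = ["phone-01", "phone-02", "tablet-03", "laptop-04"]
I2 = {"ExampleCrypt", "DiskGuard"}
I3 = {"ExampleCrypt": {"enabled": True, "cipher": "AES", "key_bits": 256},
      "DiskGuard": {"enabled": True, "key_bits": 128}}
COLLECTED = {
    "phone-01": {"ExampleCrypt": {"enabled": True, "cipher": "AES", "key_bits": 256}},
    "phone-02": {"ExampleCrypt": {"enabled": True, "cipher": "AES", "key_bits": 128}},
    "tablet-03": {"DiskGuard": {"enabled": True, "key_bits": 256}, "Notes": {}},
    "rogue-99": {"ExampleCrypt": {"enabled": True, "key_bits": 256}},  # not in I1
}  # laptop-04 reported nothing, so it lands in M5

if __name__ == "__main__":
    print(assess(I1, I2, I3, COLLECTED))
```

Devices that appear in the collected data but not in I1 are ignored here; they are a finding for the asset inventory sub-controls rather than for 13.6.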