
TLS interception makes encrypted connections within an organization's network accessible for inspection. Because it introduces additional risks, deploying this technical measure requires thorough consideration and must meet certain preconditions.
More and more Internet services and connections are using TLS encryption. On the one hand, this promotes security in network traffic; on the other, it makes it more difficult for organizations to inspect Internet traffic for malicious elements and confidential organizational data leaving the organization via the Internet.
The NCSC recommends that organizations considering deploying TLS interception first check compliance with legal requirements, at a minimum those regarding the processing of personal data. In addition, it is necessary to make a thorough assessment of the usefulness and necessity of applying TLS interception in the context of the organization's other security measures. The TLS proxy should securely establish encrypted connections and be integrated with those other security measures. Finally, it is important to properly secure the TLS proxy itself, as it is an attractive target
Key changes in version 1.1 (Feb. 6, 2020):
Added final version of TLS 1.3
Concepts and requirements aligned with version 2.0 of the ICT security guidelines for Transport Layer Security (TLS)
Some minor textual changes
