CMMC 1.0 Practice AC.3.022 Requirement:

Encrypt CUI on mobile devices and mobile computing platforms.

CMMC 1.0 AC.3.022 Requirement Explanation:

Devices such as smart phones, tablets, and laptops can easily be transported. As a result they can not be protected by your facilities physical security controls. By encrypting mobile devices you can protect the confidentiality of CUI stored on them.

Example CMMC 1.0 AC.3.022 Implementation:

Encrypt the hard drives of your company managed smartphones, tablets, and laptops. You can generally use the encryption capability built-into your devices operating systems. An example is using Bitlocker for Windows systems. Makesure that the encryption you use if FIPS 140-2 validated.

CMMC 1.0 AC.3.022 Scenario(s):

- Scenario 1:

Your company wants to protect CUI stored on its laptops. To accomplish this it will enable bitlocker encryption on its laptops.

- Scenario 2:

Your employees like to access your company email (Office 365 Outlook) on their personal smart phones. Their emails often contain CUI. To ensure that the CUI is encrypted you force their personal smart phones to be encrypted before they can setup company email on their phone. You accomplish this through the Office 365 exchange admin panel.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.