CMMC 1.0 Practice SC.3.185 Requirement:

Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.

CMMC 1.0 SC.3.185 Requirement Explanation:

Due to the sensitive nature of “Controlled Unclassified Information” (CUI) it must be encrypted when in transit.

Example CMMC 1.0 SC.3.185 Implementation:

When you transmit “Controlled Unclassified Information” (CUI) over a network it needs to be encrypted. Whatever technology you use to transmit (e.g., SFTP) it needs to be validated by the NIST Cryptographic Module Validation Program. You can see if the cryptography is validated by searching for it on the NIST CMVP page.

CMMC 1.0 SC.3.185 Scenario(s):

- Scenario 1:

You have digital files containing “Controlled Unclassified Information” (CUI). Your employees need to send these back and forth to each other however they transmission needs to be encrypted. To facilitate this you setup an SFTP server that uses FIPS validated encryption. You confirm this by checking the NIST CMVP website.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.