CMMC 1.0 Practice SC.3.185 Requirement:

Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.

CMMC 1.0 SC.3.185 Requirement Explanation:

Due to the sensitive nature of “Controlled Unclassified Information” (CUI) it must be encrypted when in transit.

Example CMMC 1.0 SC.3.185 Implementation:

When you transmit “Controlled Unclassified Information” (CUI) over a network it needs to be encrypted. Whatever technology you use to transmit (e.g., SFTP) it needs to be validated by the NIST Cryptographic Module Validation Program. You can see if the cryptography is validated by searching for it on the NIST CMVP page.

CMMC 1.0 SC.3.185 Scenario(s):

- Scenario 1:

You have digital files containing “Controlled Unclassified Information” (CUI). Your employees need to send these back and forth to each other however they transmission needs to be encrypted. To facilitate this you setup an SFTP server that uses FIPS validated encryption. You confirm this by checking the NIST CMVP website.

Discover Our Cybersecurity Complaince Solutions:

/assets/images/app/complaince_accelerator.gif

NIST SP 800-171 & CMMC Compliance

Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.

Learn More

/assets/images/app/quantum_accelerator.gif

HIPAA Compliance

Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.

Learn More