CMMC 1.0 Practice SC.3.185 Requirement:

Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.

CMMC 1.0 SC.3.185 Requirement Explanation:

Because of its sensitive nature, “Controlled Unclassified Information” (CUI) must be encrypted while in transit.

Example CMMC 1.0 SC.3.185 Implementation:

When you transmit “Controlled Unclassified Information” (CUI) over a network, it needs to be encrypted. Whatever technology you use to transmit it (e.g., SFTP), its cryptography needs to be validated by the NIST Cryptographic Module Validation Program (CMVP). You can check whether the cryptography is validated by searching for it on the NIST CMVP page.

CMMC 1.0 SC.3.185 Scenario(s):

- Scenario 1:

You have digital files containing “Controlled Unclassified Information” (CUI). Your employees need to send these back and forth to each other; however, the transmission needs to be encrypted. To facilitate this, you set up an SFTP server that uses FIPS-validated encryption. You confirm this by checking the NIST CMVP website.
 
