CMMC 1.0 Practice SC.3.191 Requirement:

Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.

CMMC 1.0 SC.3.191 Requirement Explanation:

Information at rest refers to the state of information when it is located on storage devices. Examples include hard drives, USB thumb drives, and CDs. If these devices contain “Controlled Unclassified Information” (CUI) they

Example CMMC 1.0 SC.3.191 Implementation:

Create a policy requiring the encryption of “Controlled Unclassified Information” (CUI) at rest. Use full drive encryption on any workstations and servers that could potentially store “Controlled Unclassified Information” (CUI). Encrypt any external drives containing “Controlled Unclassified Information” (CUI).

CMMC 1.0 SC.3.191 Scenario(s):

- Scenario 1:

Your employees often handle “Controlled Unclassified Information” (CUI) on their Windows workstations. To ensure that the “Controlled Unclassified Information” (CUI) is protected you enable Bitlocker drive encryption on all workstations.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.