NIST SP 800-171 & CMMC 2.0 Control 3.1.18 Requirement:

Control connection of mobile devices.

NIST SP 800-171 & CMMC 2.0 3.1.18 Requirement Explanation:

Mobile devices that don't meet your organization's security requirements can pose security risks. By establishing and enforcing mobile device connections requirements you can help protect CUI on mobile devices.

Example NIST SP 800-171 & CMMC 2.0 3.1.18 Implementation:

Mobile devices generally refer to smart phones and tablets. Document a set of requirements that mobile devices need to meet before they are used to process, store, or transmit CUI. Use a mobile device management (MDM) system to enforce your mobile device security requirements. This can be accomplished using Active Sync settings in the Micrososft 365 Exchange Admin Center.

NIST SP 800-171 & CMMC 2.0 3.1.18 Scenario(s):

- Scenario 1:

A user wants to use corporate email on his phone. When he downloads the Outlook app onto his phone and tries to sign into his email he gets a message requiring him to enable encryption and a pin code for his phone. This is because the company has required those settings in the Microosoft 365 exchange admin portal.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.