NIST SP 800-171 & CMMC 2.0 3.1.19 Requirement:
Encrypt CUI on mobile devices and mobile computing platforms.
NIST SP 800-171 & CMMC 2.0 3.1.19 Requirement Explanation:
Devices such as smart phones, tablets, and laptops can easily be transported. As a result they can not be protected by your physical security controls. By encrypting mobile devices you can protect the confidentiality of CUI stored on them.
Example NIST SP 800-171 & CMMC 2.0 3.1.19 Implementation:
Encrypt the storage of your company managed smartphones, tablets, and laptops. You can generally use the encryption capability built-into your devices operating systems. An example is using Bitlocker for Windows systems. Makesure that the encryption you use is FIPS 140-2 validated.
NIST SP 800-171 & CMMC 2.0 3.1.19 Scenario(s):
- Scenario 1:
Your company wants to protect CUI stored on its laptops. To accomplish this it enables bitlocker encryption on its laptops.
- Scenario 2:
Your employees like to access your company email (Microsoft 365 Outlook) on their personal smart phones. Their emails often contain CUI. To ensure that the CUI is encrypted you force their personal smart phones to be encrypted before they can setup company email on their phone. You accomplish this through the Office 365 exchange admin panel.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.