NIST SP 800-171 & CMMC 2.0 Control 3.1.19 Requirement:

Encrypt CUI on mobile devices and mobile computing platforms.

NIST SP 800-171 & CMMC 2.0 3.1.19 Requirement Explanation:

Devices such as smart phones, tablets, and laptops can easily be transported. As a result they can not be protected by your physical security controls. By encrypting mobile devices you can protect the confidentiality of CUI stored on them.

Example NIST SP 800-171 & CMMC 2.0 3.1.19 Implementation:

Encrypt the storage of your company managed smartphones, tablets, and laptops. You can generally use the encryption capability built-into your devices operating systems. An example is using Bitlocker for Windows systems. Makesure that the encryption you use is FIPS 140-2 validated.

NIST SP 800-171 & CMMC 2.0 3.1.19 Scenario(s):

- Scenario 1:

Your company wants to protect CUI stored on its laptops. To accomplish this it enables bitlocker encryption on its laptops.

- Scenario 2:

Your employees like to access your company email (Microsoft 365 Outlook) on their personal smart phones. Their emails often contain CUI. To ensure that the CUI is encrypted you force their personal smart phones to be encrypted before they can setup company email on their phone. You accomplish this through the Office 365 exchange admin panel.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.