NIST SP 800-171 & CMMC 2.0 Control 3.13.16 Requirement:

Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.

NIST SP 800-171 & CMMC 2.0 3.13.16 Requirement Explanation:

CUI at rest means information that is not moving through the network; typically this means data currently stored on hard drives, thumb drives, and mobile devices.

Example NIST SP 800-171 & CMMC 2.0 3.13.16 Implementation:

Create a policy requiring the encryption of “Controlled Unclassified Information” (CUI) at rest. Use full drive encryption on any workstations and servers that could potentially store “Controlled Unclassified Information” (CUI). Encrypt any external drives containing “Controlled Unclassified Information” (CUI). Implementing encryption for CUI is one approach to this practice, but it is not mandatory. Physical security is often employed to restrict access to CUI, particularly when it resides on servers within a company’s offices.

NIST SP 800-171 & CMMC 2.0 3.13.16 Scenario(s):

- Scenario 1:

Your employees often handle “Controlled Unclassified Information” (CUI) on their Windows workstations. To ensure that the “Controlled Unclassified Information” (CUI) is protected you enable Bitlocker drive encryption on all workstations.
 

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:

/assets/images/app/complaince_accelerator.gif

Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Become Compliant
/assets/images/app/quantum_accelerator.gif

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Provide Services
/assets/images/app/supply_chain_verifier.gif

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.
Verify Subcontactors