Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.

CUI at rest means information that is not moving through the network; typically this means data currently stored on hard drives, thumb drives, and mobile devices.

Create a policy requiring the encryption of “Controlled Unclassified Information” (CUI) at rest. Use full drive encryption on any workstations and servers that could potentially store “Controlled Unclassified Information” (CUI). Encrypt any external drives containing “Controlled Unclassified Information” (CUI). Implementing encryption for CUI is one approach to this practice, but it is not mandatory. Physical security is often employed to restrict access to CUI, particularly when it resides on servers within a company’s offices.