CMMC Encryption

What is Encryption and how is Encryption used in the CMMC (Cybersecurity Maturity Model Certification)?

Encryption is the process of encoding information so that it is only decipherable by select person, and CMMC practices related to encryption appear in almost all of the CMMC security domains.

Join our newsletter:

What is Encryption?

Encryption is the process of converting plaintext to ciphertext. It is a way of mixing data so that only people that know how to decrypt the data can understand the information.

When was Encryption first used?

Evidence suggests that encryption was first used in Egypt around 1900 BC in the main chamber of Khnumhotep II’s tomb. The form of encryption used in the tomb of Khnumhotep II is known as symbol replacement, many of the hieroglyphic symbols used were unusual symbols in place of ordinary ones.

What was the military use of Encryption in ancient times?

Encryption was used by the Roman military to transmit secret information. One of the most popular encryption methods was known as the Caesar Cipher. In this method each letter in the plaintext is replaced by a letter some fixed number of positions away in the alphabet. For example, with a left shift of 3, D would be replaced by A.

What is the modern military use of Encryption?

Like ancient times, modern militaries use encryption to securely transmit messages to prevent the enemy from being able to intercept and read the messages. Even if the enemy were to intercept the messages, it would need to be decrypted in order to be legible.

What is military grade Encryption?

Military grade encryption is simply marketing jargon, however common encryption standards used in the military are 128-bit, 256-bit, SHA-256, and SHA-512.

What is Decryption?

Decryption is the process in which encrypted text/ciphertext is converted into a plaintext/understandable format.

How is Encryption used in the CMMC (Cybersecurity Maturity Model Certification)?

CMMC practices related to encryption appear in most of the CMMC security domains. All CMMC levels have encryption related requirements. Some CMMC related encryption requirements include encrypting communication sessions, encrypting storage devices containing FCI or CUI such as laptops, thumbdrives, and smartphones. To meet cybersecurity maturity model certification (CMMC) encryption requirements we recommend that the encryption algorithms you choose to use are all FIPS 140-2 validated. If you would like more information on CMMC encryption related requirements feel free to reach out to us at

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.