Reference: CMMC 2.11
Family: AC
Level Introduced: 2
Title: Encrypt CUI on Mobile
Practice:
Encrypt CUI on mobile devices and mobile computing platforms.
CMMC Clarification:
Ensure CUI is encrypted using approved and validated algorithms for full disk encryption (FDE) or container-based encryption on all mobile devices and platforms to include smartphones, tablets, E-readers, and notebook computers. Mobile phones will typically encrypt a virtual container on the device; CUI should be held within the secure encrypted container. A laptop will typically use FDE. One big advantage of using encrypted containers on smartphones is applications and temporary files are not encrypted, preserving battery life that would otherwise be shortened by unnecessary cryptographic operations.
Example
You are in charge of implementing encryption for your organization. One of the encryption methods you chose for mobile devices is full disk encryption to encrypt all files, folders and volumes. When an individual checks out digital media and leaves the building a thief who obtains the media cannot access the information since everything on the disk is encrypted. Similarly, all CUI on a smartphone is put in a secure encrypted container, and if a phone containing CUI is lost, an adversary cannot recover it.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.