CMMC 1.0 Practice SC.3.191 Requirement:
Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.
CMMC 1.0 SC.3.191 Requirement Explanation:
Information at rest refers to the state of information when it is located on storage devices. Examples include hard drives, USB thumb drives, and CDs. If these devices contain “Controlled Unclassified Information” (CUI) they
Example CMMC 1.0 SC.3.191 Implementation:
Create a policy requiring the encryption of “Controlled Unclassified Information” (CUI) at rest. Use full drive encryption on any workstations and servers that could potentially store “Controlled Unclassified Information” (CUI). Encrypt any external drives containing “Controlled Unclassified Information” (CUI).
CMMC 1.0 SC.3.191 Scenario(s):
- Scenario 1:
Your employees often handle “Controlled Unclassified Information” (CUI) on their Windows workstations. To ensure that the “Controlled Unclassified Information” (CUI) is protected you enable Bitlocker drive encryption on all workstations.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.