3.13.11

Requirement

Implement the following types of cryptography to protect the confidentiality of CUI: [Assignment: organization-defined types of cryptography].

Discussion

Cryptography is implemented in accordance with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines. FIPS-validated cryptography is recommended for the protection of CUI.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: system and communications protection policy and procedures; procedures for cryptographic protection; system design documentation; system configuration settings; cryptographic module validation certificates; list of FIPS-validated cryptographic modules; system audit records; system security plan; other relevant documents or records]
Interview

[SELECT FROM: mechanisms for supporting or implementing cryptographic protection]
Test

[SELECT FROM: personnel with responsibilities for cryptographic protection; personnel with information security responsibilities; system developers; system administrators]

ID	Assessment Objectives
A.03.13.11	the following types of cryptography are implemented to protect the confidentiality of CUI: .
A.03.13.11.ODP[01]	the types of cryptography for protecting the confidentiality of CUI are defined.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!