3.1.13[b]

Determination Statement

Cryptographic mechanisms to protect the confidentiality of remote access sessions are implemented.

Requirement

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

Requirement Discussion

Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards.

NIST 800-171A Assessment Guidance

Examine

[SELECT FROM: Access control policy; procedures addressing remote access to the system; security plan; system design documentation; system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; system audit logs and records; other relevant documents or records].
Interview

[SELECT FROM: System or network administrators; personnel with information security responsibilities; system developers].
Test

[SELECT FROM: Cryptographic mechanisms protecting remote access sessions].

ID	Related Determination Statements
3.1.13[a]	Cryptographic mechanisms to protect the confidentiality of remote access sessions are identified.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!