CMMC Practice Requirement:

Encrypt CUI on mobile devices and mobile computing platforms.

CMMC Requirement Explanation:

Devices such as smart phones, tablets, and laptops can easily be transported. As a result they can not be protected by your facilities physical security controls. By encrypting mobile devices you can protect the confidentiality of CUI stored on them.

Example CMMC Implementation:

Encrypt the hard drives of your company managed smartphones, tablets, and laptops. You can generally use the encryption capability built-into your devices operating systems. An example is using Bitlocker for Windows systems. Makesure that the encryption you use if FIPS 140-2 validated.


- Scenario 1:

Your company wants to protect CUI stored on its laptops. To accomplish this it will enable bitlocker encryption on its laptops.

- Scenario 2:

Your employees like to access your company email (Office 365 Outlook) on their personal smart phones. Their emails often contain CUI. To ensure that the CUI is encrypted you force their personal smart phones to be encrypted before they can setup company email on their phone. You accomplish this through the Office 365 exchange admin panel.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance