Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? Tips about FIPS Part 2 continues to address 3.13.11, the most common DIBCAC NOT MET requirement for CMMC and NIST SP 800-171.

FIPS is confusing and complicated. In this episode of As the CMMC Churns, we are going to dive into the requirements surrounding the usage of FIPS-validated encryption. The goal is to provide everyone a baseline set of information on how to approach the use of FIPS encryption.

Because this is complicated, this episode builds on FIPS fundamentals and then addresses Data-at-Rest encryption covered in Part 1. This part picks up with Data-in-Transit.

Fair warning: because of the complexities of implementation and the near-infinite variations out there, “Tips about FIPS” will never cover every possible variance.

Upcoming “As the CMMC Churns” Episodes:

– 6 April: CMMC FUD
– 13 April: Vulnerability Management for Remote Workers
– 20 April: CUI is not SECRET
