Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? Tips about FIPS Part 2 continues address the most common DIBCAC NOT MET requirement for CMMC and NIST SP 800-171, 3.13.11.
FIPS is confusing and complicated. In this episode of As the CMMC Churns, we are going to dive into the requirements surrounding the usage of FIPS-validated encryption. The goal is to provide everyone a baseline set of information on how to approach the use of FIPS encryption.
Because this is complicated, this episode builds on FIPS fundamentals and then addresses Data-at-Rest encryption covered in Part 1. This part picks up with Data-in-Transit.
Fair warning, because of the complexities of implementation and near-infinite variations out there, “Tips about FIPS” will never cover every possible variance out there.
Upcoming “As the CMMC Churns” Episodes:
– 6 April: CMMC FUD
– 13 April: Vulnerability Management for Remote Workers
– 20 April: CUI is not SECRET
Social Contact