Has 3.13.11, the use of FIPS validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS validated encryption have you befuddled? This is Part 1 on Tips about FIPS to meet NIST SP 800-171 3.13.11 Security Requirements.

FIPS is confusion and complicated. In this episode of “As the CMMC Churns,” we are going to dive into the requirements surrounding the usage of FIPS validated encryption. The goal is to provide everyone a baseline set of information on how to approach he use of FIPS encryption.

Because this is complicated, this episode will explain FIPS fundaments and then address Data-at-Rest encryption. We’ll pick up in Part 2 for Data-in-Transit.

Fair warning, because of the complexities of implementation and near infinite variations out there, “Tips about FIPS” will never cover every possible variance out there.

Upcoming “As the CMMC Churns” Episodes:

  • 23 Feb: We’ll be at CUI-CON (https://cui-con.com)
  • 2 Mar: Tips about FIPS Part 2
  • 9 Mar: Vulnerability Management for Remote Workers

Key CMMC Sites

Key References

Key Acquisition References

Other Key Sites