SC.L2-3.13.8 Data in Transit

CMMC Practice SC.L2-3.13.8 – Data in Transit: Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.

Links to Publicly Available Resources


Only use cryptography validated through the NIST Cryptographic Module Validation Program (CMVP) to protect the confidentiality of CUI during transmission. Any other approved cryptography cannot be used since it has not been tested and validated to protect CUI. FIPS-validated cryptography is not a requirement for all information, it is only used for the protection of CUI. This encryption guideline must be followed unless an alternative physical safeguard is in place to protect CUI.