CMMC Practice SC.3.177: Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Only use cryptography validated through the NIST Cryptographic Module Validation Program (CMVP) to protect the confidentiality of CUI. Any other cryptography cannot be used since it has not been tested and validated to protect CUI. FIPS validated cryptography is not a requirement for all information, FIPS-validation is only used for the protection of CUI.