What is NIST 800-171 Control 3.13.13?
This control mandates the use of approved cryptographic methods to maintain the confidentiality of CUI. It applies to:
• CUI at rest (stored)
• CUI in transit (being transmitted)
• CUI on removable media or mobile devices
The cryptographic methods must be FIPS 140-2 or 140-3 validated, or equivalent if operating outside of the U.S.
Why It Matters
Without strong encryption, CUI can be:
• Intercepted during transmission
• Recovered from stolen or lost devices
• Exposed by insider threats or compromised accounts
Encryption ensures that even if attackers gain access to your data, they can’t read it without the keys.
How to Implement It
• Use tools that support FIPS 140-2 validated encryption algorithms (e.g., AES-256)
• Encrypt:
◦ Files and drives on laptops, desktops, and servers
◦ Network traffic (e.g., HTTPS, VPN, TLS 1.2+)
◦ Backup files and removable storage
• Store and protect encryption keys separately from the encrypted data
• Maintain documentation of your encryption strategy and compliance status
Common Mistakes
• Using unvalidated or outdated encryption algorithms (e.g., DES, MD5)
• Assuming encryption is “on” by default in cloud tools or file-sharing apps
• Storing encryption keys on the same device as the encrypted data
How Cuick Trac Helps
Cuick Trac ensures encryption compliance by:
• Using FIPS 140-2 validated encryption across its secure enclave
• Encrypting all data at rest and in transit by default
• Providing guidance for protecting CUI outside of the Cuick Trac environment (e.g., email, mobile devices)
• Supporting documentation for CMMC and NIST audits
With Cuick Trac, your CUI is protected not just by policy—but by proven, compliant encryption.
Final CTA
If it’s CUI, it needs encryption. No shortcuts.
Book a Cuick Trac demo and build a bulletproof encryption strategy—on the ground and in the cloud.