What is NIST 800-171 Control 3.13.9?
This control mandates that CUI must be protected when stored, not just when it’s in transit. “At rest” refers to:
• Files on laptops or desktops
• Backups on external drives or cloud platforms
• Databases on internal servers
• USB or removable storage
The preferred method is encryption that meets FIPS 140-2 or similar recognized standards.
Why It Matters
If a laptop is stolen, a server is compromised, or a backup drive is lost—and the data isn’t encrypted—your CUI is exposed.
CUI at rest is vulnerable to:
• Insider threats
• Lost/stolen hardware
• Malware that extracts local files
Encryption helps ensure that even if devices are accessed, the data remains protected.
How to Implement It
• Encrypt all devices that store CUI using FIPS-validated tools (e.g., BitLocker, VeraCrypt with FIPS settings)
• Enable full disk encryption on laptops and desktops
• Use file-level or database encryption for servers or cloud-hosted CUI
• Store encryption keys securely and separate from the encrypted data
• Train users to recognize and properly handle encrypted storage
Common Mistakes
• Using passwords without encryption (passwords ≠ encryption)
• Storing unencrypted backups or archives
• Assuming cloud providers encrypt by default (they may not)
How Cuick Trac Helps
Cuick Trac protects CUI at rest by:
• Encrypting all CUI stored within the secure enclave by default
• Using FIPS 140-2 validated encryption for local and cloud storage
• Supporting secure storage policies for hybrid and remote environments
• Providing advisory support for endpoint encryption and key management
With Cuick Trac, your data stays protected—even when it’s not in motion.
Final CTA
At rest should never mean at risk. Encrypt your CUI—wherever it lives.
Schedule a Cuick Trac demo and safeguard your stored data with proven encryption.