Description:
Organizations can employ full-device encryption or container-based encryption to protect the confidentiality of CUI on mobile devices and computing platforms. Container-based encryption provides a more fine-grained approach to the encryption of data and information including encrypting selected data structures such as files, records, or fields. See [NIST CRYPTO].
Mobile devices and computing platforms include, for example, smartphones and tablets.
Priority: High
Category: Network Security
Services Associated with AWS:
- AWS Key Management Service (KMS), AWS Secrets Manager, AWS Mobile Hub
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Administrative: supporting documentation to demonstrate how Mobile Device Management (MDM) is properly & securely implemented
- Technical: screenshot of MDM settings
Possible Technology Considerations:
- Mobile Device Management (MDM) Secure Baseline Configurations (SBC)
What needs to be answered:
Does the company encrypt CUI on mobile devices?
- Implement Full-Device Encryption for Mobile Devices
Description: This check ensures that full-device encryption is implemented on mobile devices to protect the confidentiality of Controlled Unclassified Information (CUI) stored on those devices. Full-device encryption ensures that all data and information on the device are encrypted.
- Employ Container-Based Encryption for Mobile Computing Platforms
Description: This check verifies that container-based encryption is employed on mobile computing platforms to protect the confidentiality of CUI. Container-based encryption provides a more fine-grained approach to encrypting data and information, allowing for the encryption of selected data structures such as files, records, or fields.
More details: All access to CUI information is cloud based. CUI within the cloud system is encrypted and secured at all times.