Description: 

Organizations can employ full-device encryption or container-based encryption to protect the confidentiality of CUI on mobile devices and computing platforms. Container-based encryption provides a more fine-grained approach to the encryption of data and information, including encrypting selected data structures such as files, records, or fields. See [NIST CRYPTO].

[23] Mobile devices and computing platforms include, for example, smartphones and tablets.
 


Priority: High 


Category: Network Security 


Services Associated with AWS: 

  • AWS Key Management Service (KMS), AWS Secrets Manager, AWS Mobile Hub


Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Administrative: supporting documentation to demonstrate how Mobile Device Management (MDM) is properly & securely implemented 
  • Technical: screenshot of MDM settings


Possible Technology Considerations: 

  • Mobile Device Management (MDM) Secure Baseline Configurations (SBC) 


What needs to be answered:

Does the company encrypt CUI on mobile devices?


  • Implement Full-Device Encryption for Mobile Devices
    Description: This check ensures that full-device encryption is implemented on mobile devices to protect the confidentiality of Controlled Unclassified Information (CUI) stored on those devices. Full-device encryption ensures that all data and information on the device are encrypted.
  • Employ Container-Based Encryption for Mobile Computing Platforms
    Description: This check verifies that container-based encryption is employed on mobile computing platforms to protect the confidentiality of CUI. Container-based encryption provides a more fine-grained approach to encrypting data and information, allowing for the encryption of selected data structures such as files, records, or fields.
     
     


More details: All access to CUI information is cloud-based. CUI within the cloud system is encrypted and secured at all times.