CMMCDocs.comHome / Glossary / SC.L2-3.13.16
SC.L2-3.13.16
Also known as: Encrypt CUI at rest requirement
The NIST SP 800-171 requirement that mandates the contractor protect the confidentiality of CUI at rest.
SC.L2-3.13.16 requires the contractor to 'protect the confidentiality of CUI at rest.' In practice, this means encrypting CUI when it is stored on disk — laptops, servers, databases, backup media, file shares, cloud storage.
The encryption mechanism must be FIPS-validated to also satisfy SC.L2-3.13.11. Common implementations include BitLocker, FileVault, LUKS, database transparent data encryption, S3 server-side encryption with customer-managed keys, and full-disk encryption on backup tapes.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account