Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
IS-16.02.04
IS-16.02.04
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
IS-16.02.04
1 Rule
<GroupDescription></GroupDescription>
Controlled Unclassified Information - Encryption of Data at Rest
Medium Severity
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Information Security Oversight Office (ISOO): https://www.archives.gov/cui DoD CIO Memorandum, Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media, 3 July 2007 NIST FIPS 140-2, Security Requirements for Cryptographic Modules NSTISSI No. 11, National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraphs 6.b., 13.b.(2), 13.b.(3) and Enclosure C, paragraphs 21.f. and 21.g. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-5, PL-2 and SC-28. DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information; Enclosure 7, paragraphs 8. and 9.a. DoD Instruction 8420.01, Commercial Wireless Local Area Network (WLAN) Devices, Systems, and Technologies, 3 November 2017, paragraphs 1.2.b., 1.2.h., 3.2.a., 3.2.a.(3), and 3.8.d. NSA, Commercial Solutions for Classified Data at Rest Capability Package, current edition</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>