Are encryption requirements applicable to CUI at rest and in transit?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the DOD Instruction 5200.48 Controlled Unclassified Information (CUI) exam. Prepare with flashcards and multiple choice questions, each with detailed hints and explanations. Ensure success on your test day!

Multiple Choice

Are encryption requirements applicable to CUI at rest and in transit?

Explanation:
Encryption protects CUI by making it unreadable to anyone who doesn’t have the key. For CUI, the protection must cover both storage and transmission. When data rests on a device or in a repository, encryption helps guard against theft or unauthorized access to the storage medium. When data moves across networks, encryption protects it from interception, eavesdropping, or tampering. Using approved encryption means applying vetted algorithms and key management that meet baselines such as NIST standards and DoD guidance, ensuring interoperability and auditable compliance. The phrase “where applicable” recognizes that there may be specific constraints in some environments, but the standard expectation is to encrypt for both at rest and in transit whenever feasible. Therefore, require approved encryption for both states of CUI to maintain confidentiality throughout the data’s lifecycle.

Encryption protects CUI by making it unreadable to anyone who doesn’t have the key. For CUI, the protection must cover both storage and transmission. When data rests on a device or in a repository, encryption helps guard against theft or unauthorized access to the storage medium. When data moves across networks, encryption protects it from interception, eavesdropping, or tampering. Using approved encryption means applying vetted algorithms and key management that meet baselines such as NIST standards and DoD guidance, ensuring interoperability and auditable compliance. The phrase “where applicable” recognizes that there may be specific constraints in some environments, but the standard expectation is to encrypt for both at rest and in transit whenever feasible. Therefore, require approved encryption for both states of CUI to maintain confidentiality throughout the data’s lifecycle.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy