SC.L2-3.13.8—Data in Transit
Level 2
800-171: 3.13.8
>Control Description
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern implementation of Data in Transit?
- •Who is responsible for overseeing compliance with this requirement?
- •How do you communicate requirements to relevant personnel?
- •How often do you review and update policies related to this control?
- •What governance process ensures consistent implementation across the organization?
Technical Implementation:
- •What technologies and tools implement Data in Transit?
- •How do you technically enforce this requirement?
- •What automated mechanisms support this control?
- •What logging or monitoring provides visibility into implementation?
- •How do you verify technical implementation is functioning correctly?
Evidence & Documentation:
- •What network diagrams show boundary protection architecture?
- •What firewall rule sets and configurations can you provide?
- •What encryption implementation documentation shows FIPS-validated crypto?
- •What key management procedures can you provide?
- •What network segmentation documentation shows proper separation?
- •What evidence shows cryptographic mechanisms protect CUI?
- •What configuration documentation shows security controls are properly implemented?
Ask AI
Configure your API key to use AI features.