When handling Controlled Unclassified Information (CUI), compliance with NIST SP 800-171 and the CMMC framework mandates strict data protection measures—including the use of FIPS-validated encryption in specific scenarios. But one requirement that consistently generates questions is exactly what “FIPS-validated” means in practice, where it applies, and how it differs from the looser “FIPS-compliant” language that […]
Proper storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) is at the core of a healthy and satisfactory compliance program. The issue? There seems to be ample confusion on what CUI and FCI are, the difference between the two, and where they officially can be stored. Improper storage of both CUI […]
You’re more than aware of CMMC’s ever-changing nature—we sure are! From publication dates, commentary periods, and everything between, it’s hard to keep up. That’s why we wanted to give you a heads up on the latest in DoD Land. On top of CMMC-specific changes, certain updates in the Department of Defense (DoD) can understandably […]