CCI-002330

The organization employs full-device encryption or container encryption to protect the confidentiality of information on organization-defined mobile devices.

Implementation Guidance

The organization being inspected/assessed documents and implements a process for full-device encryption or container encryption to protect the confidentiality of information on mobile devices defined in AC-19 (5), CCI 2329.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed employs full-device encryption or container encryption to protect the confidentiality of information on mobile devices defined in AC-19 (5), CCI 2329.

Compelling Evidence

1.) Signed and dated system security plan (SSP) 2.) Signed and dated mobile devices policy that defines a process that employs full-device encryption or container encryption to protect the confidentiality of information on mobile devices defined in AC-19 (5), CCI 2329.

The controls below (if any) were marked by NIST as being related to CCI-002330.