CCI-000631

Employ only government off-the-shelf or commercial off-the-shelf information assurance and information assurance-enabled information technology products that compose an NSA-approved solution to protect classified information when the networks used to transmit the information are at a lower classification level than the information being transmitted.

Implementation Guidance

The organization being inspected/assessed must identify and use NSA-approved encryption technologies to protect classified information when the networks or transmission medium used to transmit the information are at a lower classification level than the information being transmitted.

Validation Procedures

The organization conducting the inspection/assessment examines and verifies identified encryption technologies in use by the organization being inspected/assessed are NSA-approved.

Compelling Evidence

1.) System security plan (SSP) documentation include information as it relates to GOTS or COTS.

The controls below (if any) were marked by NIST as being related to CCI-000631.