CMMC Practice AC.3.014

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

Source

CMMC Version 1.02, pg. 73

Bold Coast Security Guidance

Most VPN solutions will have a FIPS-validated encryption solution available, but you must be sure your VPN connection only uses up-to-date encryption protocols. Check with NIST or the VPN vendor on an annual basis to ensure that nothing has been depreciated. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search

Discussion From Source

DRAFT NIST SP 800-171 R2 Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography.

References