CMMC Practice AC.3.014

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.


CMMC Version 1.02, pg. 73

Bold Coast Security Guidance

Most VPN solutions will have a FIPS-validated encryption solution available, but you must be sure your VPN connection only uses up-to-date encryption protocols. Check with NIST or the VPN vendor on an annual basis to ensure that nothing has been depreciated.

Discussion From Source

DRAFT NIST SP 800-171 R2 Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography.