Cryptography

Cryptography is the science and practice of securing information through mathematical techniques — encoding data so that only authorized parties can read it. Modern cryptography includes encryption (protecting confidentiality), hashing (verifying integrity), digital signatures (providing authentication and non-repudiation), and key management (securely generating, distributing, and storing cryptographic keys).

For defense contractors, the critical requirement is using FIPS-validated cryptographic modules. This means the specific software or hardware performing the cryptography has been tested and certified by an accredited laboratory to meet federal security standards.

Why It Matters

Cryptography is the technical foundation of CUI protection under CMMC. Ensuring your cryptographic implementations are FIPS-validated is a specific, verifiable requirement — not just 'use encryption,' but 'use validated encryption.'

Related Resources

NIST 800-53: CM-3(6)
NIST 800-53: SC-13(1)
NIST 800-53: SC-13(2)