System and Communications Protection

System and communications protection covers the security measures that protect information as it's transmitted across networks and ensure that systems enforce security boundaries. This includes encryption of communications, network segmentation, boundary protection (firewalls), session management, and protection of cryptographic keys.

For defense contractors, this domain is particularly important because it governs how CUI is protected as it moves across networks — between your systems, to your subcontractors, and in communications with the government.

Why It Matters

System and communications protection is one of the most technical CMMC domains. Requirements include FIPS-validated encryption for CUI in transit, network segmentation, and boundary protection — these often require significant technical investment to implement correctly.

Related Resources

NIST 800-171: 3.13.1
NIST 800-171: 3.13.2
NIST 800-171: 3.13.3
NIST 800-171: 3.13.4
NIST 800-171: 3.13.5
NIST 800-171: 3.13.6
NIST 800-171: 3.13.7
NIST 800-171: 3.13.8