NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-8(1) Cryptographic Protection

Implement cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission.

Supplemental Guidance

Encryption protects information from unauthorized disclosure and modification during transmission. Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPSec. Cryptographic mechanisms used to protect information integrity include cryptographic hash functions that have applications in digital signatures, checksums, and message authentication codes.

Practitioner Notes

This enhancement specifically requires using cryptographic mechanisms — not just any protection — to secure data in transit. Encryption is mandatory, not optional.

Example 1: Configure IPsec VPN tunnels between your office locations using AES-256 encryption. All site-to-site traffic is encrypted at the network layer, protecting everything from file shares to database replication without requiring application-level changes.

Example 2: Enable BitLocker and require encrypted connections for all Remote Desktop sessions. Configure a GPO under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services to set "Require use of specific security layer for remote (RDP) connections" to SSL.
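
One way to verify that the GPO setting from Example 2 actually took effect on a host, as an added example that is not part of the original page. The function name `Get-RdpSecurityLayer` is hypothetical. The script assumes the policy is stored as the `SecurityLayer` DWORD (0 = RDP, 1 = Negotiate, 2 = SSL) under the Terminal Services policy key, with the RDP-Tcp listener key holding the locally configured value.

```powershell
# Added example (not from the source page). Reports whether the RDP listener
# on each host is pinned to the SSL (TLS) security layer by Group Policy.
# Assumption: the GPO writes the SecurityLayer DWORD under the Terminal
# Services policy key; the RDP-Tcp listener key holds the local setting.

function Get-RdpSecurityLayer {
    [CmdletBinding()]
    param(
        # Hosts to audit; remote hosts need PowerShell remoting enabled.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $probe = {
        $names = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL' }
        # Checked in order: a GPO value overrides the local listener value.
        $sources = [ordered]@{
            'GPO'   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
            'Local' = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
        }
        foreach ($source in $sources.Keys) {
            $item = Get-ItemProperty -Path $sources[$source] -Name SecurityLayer -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value = [int]$item.SecurityLayer
                return [pscustomobject]@{
                    Computer      = $env:COMPUTERNAME
                    Source        = $source
                    SecurityLayer = $names[$value]
                    # Compliant only when the GPO itself sets SSL; Negotiate
                    # can fall back to native RDP security for older clients.
                    Compliant     = ($source -eq 'GPO' -and $value -eq 2)
                }
            }
        }
        # Neither key carries the value: treat as non-compliant.
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Source = 'None'; SecurityLayer = 'Unknown'; Compliant = $false }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) { & $probe }
        else { Invoke-Command -ComputerName $computer -ScriptBlock $probe }
    }
}

Get-RdpSecurityLayer | Format-Table Computer, Source, SecurityLayer, Compliant
```

A row with `Source` of `Local` means the host is not receiving the policy, even if the listed layer is SSL, so the setting can be changed locally.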