Documentation Index

Fetch the complete documentation index at: https://kb.northerndatasolutions.com/llms.txt

Use this file to discover all available pages before exploring further.

AC.L2-3.13.16[b]

  • Published on Apr 29, 2026
  • 1 minute(s) read
  • CT
 Prev Next

AC.L2-3.13.16[b] — System & Communications Protection (Data at Rest)

Domain: System & Communications Protection (SC)  |  Practice: SC.L2-3.13.16  |  Objective ID: 3.13.16[b]  |  Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2

Assessment Objective:

Cryptographic mechanisms employed for data-at-rest protection are FIPS-validated.

Executive Summary

CMMC objective AC.L2-3.13.16[b] requires cryptographic mechanisms for data-at-rest protection to be FIPS-validated. This includes all storage media containing CUI.

Related articles
  • AC.L2-3.13.2[b]
    Compliance > CMMC (NIST 800-171) > CMMC 2.0 Assessment Objectives
  • AC.L2-3.13.11[a]
    Compliance > CMMC (NIST 800-171) > CMMC 2.0 Assessment Objectives
  • AC.L2-3.13.2[c]
    Compliance > CMMC (NIST 800-171) > CMMC 2.0 Assessment Objectives