Whether a contractor falls under the auspices of Federal Acquisition Regulation 52.204-21, Defense FAR Supplement 252.204-7012, or the newly unveiled Cybersecurity Maturity Model Certification (CMMC), contractor use of encryption is poised to be a critical element of compliance for the federal government over the next decade. This means that contractors must have a working knowledge of federal encryption standards to understand not only how such standards apply to the storage and handling of data but also whether the contractor can truly comply with those standards or have the wherewithal to understand the type of information technology products they are permitted to provide the government.
