UCF STIG Viewer Logo

ECNK-1 Encryption for Need-To-Know


Information in transit through a network at the same classification level, but which must be separated for need-to-know reasons, is encrypted, at a minimum, with NIST-certified cryptography. This is in addition to ECCT (encryption for confidentiality – data in transit).

MAC / CONF Impact Subject Area
Medium Enclave Computing Environment


Confidentiality of need-to-know information can be compromised easily when transmitted through a network in an unencrypted state.  Certified cryptography methods provide important functionality to protect against intentional and accidental compromise and alteration of data.

1. Identify system components processing sensitive and unclassified information (classified and sensitive national security systems are covered by the ECNK-2 control).
2. NIST issues standards and guidelines used to protect sensitive information as Federal Information Processing Standards (FIPS) publications. Federal agencies must comply with all mandatory standards.
3. A system manager shall select an encryption method to protect need-to-know information in transit by using, at a minimum, a NIST certified cryptographic method. By using FIPS, the manager knows that the standard has been developed and the algorithm has been tested against this standard and the results validated by NIST. NIST validation means the algorithm has been found to be adequate for the protection of sensitive government data.


  • NIST SP 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure, February 2001
  • NIST SP 800-29, A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2, June 2001
  • NIST SP 800-25, Federal Agency Use of Public Key Technology for Digital Signatures and Authentication, October 2000
  • NIST SP 800-21, Guideline for Implementing Cryptography in the Federal Government, November 1999
  • FIPS 140-2, Security Requirements for Cryptographic Modules, 25 May 2001
  • FIPS 196, Entity Authentication Using Public Key Cryptography, 18 February 1997
  • FIPS 197, Advanced Encryption Standard (AES), 26 November 2001