
Encryption Guide for CUI Data (Rest & In-Transit)


Overview

High QA Inspection Manager is designed to satisfy the file encryption requirements for Controlled Unclassified Information (CUI) by protecting this data both at rest and in transit.

When properly configured, Inspection Manager and our Server Applications will comply with the following encryption requirements:

CMMC 2.0 Level 2 controls:

  • SC.L2-3.13.8 – Protect data in transit

  • SC.L2-3.13.16 – Protect data at rest

NIST SP 800-171 requirements:

  • 03.13.08 – Transmission and Storage Confidentiality

  • 03.13.11 – Cryptographic Protection

This article explains how Inspection Manager ensures compliance with these encryption requirements and provides guidance for configuration.

Data at Rest Encryption

Inspection Manager uses Windows BitLocker Drive Encryption to protect data at rest. When properly configured, this ensures that all stored data is encrypted using FIPS 140-2 compliant cryptographic modules.

Configuration Steps:

  1. Enable FIPS Mode

    1. FIPS mode must be enabled before configuring BitLocker to ensure compliance.

    2. FIPS mode can be enabled on the machine hosting Inspection Manager by enabling the highlighted setting in the machine’s Local Security Policy.

    3. Note: FIPS is not currently compatible with High QA PQP!

      Enabling FIPS mode may cause compatibility issues with the Production Quality Planner (PQP) module, which is an optional add-on to Inspection Manager. We have observed issues with the PQP module when FIPS is enabled in Inspection Manager version 7.0 MR3. Printing, package generation, and other related features are impacted.

      Compatibility with PQP will be addressed in a future Inspection Manager v8 update. In the meantime, if you are a PQP customer and need to enable FIPS mode, please reach out to our Support team. We will work with you to further troubleshoot and assess potential workarounds.

      Note that enabling FIPS does not affect:

      1. Inspection Manager v7 MR3 when PQP is not installed, or

      2. Inspection Manager v6 MR5, which did not include the PQP module.

  2. Configure BitLocker

    1. To configure BitLocker, refer to the following Microsoft Knowledge Base article: BitLocker Drive Encryption - Microsoft Support

    2. If BitLocker is already enabled but FIPS is not enabled, then drives must be decrypted and re-encrypted AFTER turning on FIPS to ensure security compliance.

  3. Validate BitLocker

    1. Verify that BitLocker has successfully encrypted the appropriate drive and that this drive hosts the Inspection Manager installation directory.
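
The validation step above can be scripted. The following PowerShell function is an added example, not High QA code: it reads the FIPS policy value from the registry and checks BitLocker status on the volume that hosts the installation directory. The function name and the `ChecksPassed` field are hypothetical, and the installation path must be supplied by the administrator.

```powershell
# Added example: read-only check of FIPS mode and BitLocker state.
# Run in an elevated PowerShell session on the machine hosting Inspection Manager.
function Test-CuiAtRestEncryption {
    [CmdletBinding()]
    param(
        # Assumption: the caller passes the real Inspection Manager installation directory.
        [Parameter(Mandatory)]
        [string]$InstallPath
    )

    # The Local Security Policy FIPS setting is stored in this registry value (1 = enabled).
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $fipsEnabled = ($fips -eq 1)

    # Resolve the drive letter that hosts the installation directory.
    # Limitation: a directory reached through a mounted-folder volume or junction
    # resolves to the parent drive letter and must be checked by hand.
    if (-not (Test-Path -LiteralPath $InstallPath -PathType Container)) {
        throw "Installation directory not found: $InstallPath"
    }
    $resolved = (Resolve-Path -LiteralPath $InstallPath).ProviderPath
    $drive = Split-Path -Path $resolved -Qualifier   # e.g. 'D:'

    # Query BitLocker for that volume only.
    $vol = Get-BitLockerVolume -MountPoint $drive -ErrorAction Stop
    $encrypted = ($vol.VolumeStatus -eq 'FullyEncrypted')
    $protected = ($vol.ProtectionStatus -eq 'On')

    [pscustomobject]@{
        InstallPath      = $resolved
        Volume           = $drive
        FipsEnabled      = $fipsEnabled
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        # True only when FIPS is on and the volume is fully encrypted with protection active.
        ChecksPassed     = ($fipsEnabled -and $encrypted -and $protected)
    }
}

# Placeholder path: replace with the actual installation directory.
# Test-CuiAtRestEncryption -InstallPath 'D:\<Inspection Manager install directory>'
```

The check cannot tell whether a volume was encrypted before FIPS mode was turned on; if that is the case, the decrypt and re-encrypt step under Configure BitLocker still applies even when `ChecksPassed` is true.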

Data in Transit Encryption

Inspection Manager ensures secure data transmission through:

  • File Transfer Service (FTS)

    • Automatically uses HTTPS (TLS) to encrypt all file-based data in transit between servers and client instances.

  • SQL Server Connections

    • Connections to the SQL Server Database are encrypted for secure communication.

    • To enable SQL Server encryption, follow this guide:

  • SSL for IM and Server Applications

    • When installing Inspection Manager and Server Applications, be sure to enable SSL using the Setup Wizard. Customers with sufficient resources are advised to obtain and use their own certificates.

    • Refer to the Inspection Manager Centralized DB Installation Guide for step-by-step IM installation instructions.

    • Refer to the Server Applications Installation Guide for step-by-step Server Application installation instructions.

      • Server Applications bundle includes the following applications:

        • Floating License Server

        • Inspection Manager Express (IME)

        • Inspection Manager Xplorer (IMX)

        • Inspection Manager SPC (IMS)