What does AC.L2-3.1.19 require for all CUI on mobile devices?

The requirement AC.L2-3.1.19 focuses on the security of Controlled Unclassified Information (CUI) when stored on mobile devices. Specifically, it mandates that CUI must be encrypted on these devices. The importance of encryption lies in its ability to protect sensitive data from unauthorized access; even if a mobile device is lost or stolen, the information remains secure and unreadable without the proper decryption keys. This is vital in maintaining the confidentiality and integrity of CUI, which is essential for compliance with data protection regulations.

In contrast, while regular backups, deletion protocols, and biometric authentication are important aspects of overall mobile device security, they do not specifically address the encryption requirements set forth by AC.L2-3.1.19. Regular backups might ensure data recovery but do not protect against unauthorized access. Deleting CUI after a set period may remove data but does not mitigate the risk while that data is still resident on the device. Biometric authentication enhances access control but does not protect the data at rest. Thus, encryption stands out as the fundamental requirement established to secure CUI effectively on mobile platforms.