Encrypting CUIE Files for External Use


This article should be used in conjunction with the CUI Environment tiCrypt User Guide. The instructions below outline how to encrypt files intended for use outside of the Controlled Unclassified Information Environment (CUIE). This protects the confidentiality of the files to be shared. Be sure to reference your Technology Control Plan (TCP) as well for specific guidance on transferring data to ensure that you are in compliance with your system requirements.

How to use WinZip to encrypt files and folders

WinZip is commercial software that compresses (zips) files and can secure them with encryption. When you send or transfer files that contain CUI (Controlled Unclassified Information) or other sensitive data outside of the CUIE, the files must be encrypted using FIPS-validated cryptography to ensure that they are protected from unauthorized disclosure. WinZip creates a container called an archive that holds the files to be protected. That archive can be encrypted and protected with a password.

  1. Right-click the file/folder to be encrypted. Select WinZip, then Add/Move to Zip file.

    Right-click menu to add file to WinZip

  2. In the Add/Move Files window, change the name of the archive you wish to create, then click Add.

    Enter name of archive

  3. Click OK to acknowledge the encryption caution.

    WinZip caution

  4. Enter a password that meets the password policy. Click OK.

    Password creation prompt

  5. Click OK on the Add Complete window.

    Add Complete window

  6. The encrypted file is now available to transfer to the Vault for download.
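Before moving the archive to the Vault, you can check that every file in it was actually stored with WinZip's AES encryption (entry method 99 with the 0x9901 extra field) instead of being left unencrypted or protected with the legacy Zip 2.0 scheme. The script below is an added example, not part of the tiCrypt or WinZip documentation; it reads archive headers only, so it says nothing about whether the software that produced the archive is FIPS-validated. The function names and the sample archive with its file names are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID, AES_METHOD = 0x9901, 99   # WinZip AES extra-field ID and method value
STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify one zipfile.ZipInfo as 'none', 'non-AES' or 'AES-nnn'."""
    if not info.flag_bits & 0x1:            # general-purpose bit 0: entry is encrypted
        return "none"
    extra = info.extra
    while len(extra) >= 4:                  # walk the (id, size, data) extra records
        field_id, size = struct.unpack_from("<HH", extra)
        if field_id == AES_EXTRA_ID and size >= 7 and info.compress_type == AES_METHOD:
            return STRENGTH.get(extra[8], "AES (unknown strength)")
        extra = extra[4 + size:]
    return "non-AES"                        # e.g. legacy Zip 2.0 password protection

def audit_archive(data):
    """Return {entry name: scheme} for every file entry that is not AES-encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        found = {i.filename: entry_encryption(i) for i in zf.infolist() if not i.is_dir()}
    return {name: s for name, s in found.items() if not s.startswith("AES")}

def build_sample(entries):
    """Constructed input: a minimal ZIP with dummy payloads; only the headers matter."""
    body, central = b"", b""
    for name, flags, method, extra in entries:
        name, data = name.encode(), b"\0" * 4
        fixed = struct.pack("<HHHHHIII", 51, flags, method, 0, 0x21, 0, len(data), len(data))
        central += (struct.pack("<IH", 0x02014B50, 51) + fixed + struct.pack(
            "<HHHHHII", len(name), len(extra), 0, 0, 0, 0, len(body)) + name + extra)
        body += (struct.pack("<I", 0x04034B50) + fixed
                 + struct.pack("<HH", len(name), len(extra)) + name + extra + data)
    return body + central + struct.pack(
        "<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries), len(central), len(body), 0)

AES256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)   # AE-2, 256-bit, deflate
SAMPLE = build_sample([("plan.docx", 0x1, AES_METHOD, AES256),      # constructed names
                       ("notes.txt", 0x1, 8, b""), ("readme.txt", 0x0, 8, b"")])

if __name__ == "__main__":
    print(audit_archive(SAMPLE))   # entries that must be re-encrypted before transfer
```

To check a real archive, pass its bytes, for example `audit_archive(open(path, "rb").read())`; an empty result means every file entry carries the AES marker.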

Best practices for sending encrypted data via email

  1. Use a strong, unique password to encrypt files.
  2. When sending encrypted data to the intended receiver, avoid using terms associated with the content in the Subject line or Body of the email.
  3. Send the password that decrypts the files in a separate email. Avoid using terms associated with the content in the Subject line or Body of the email. Alternatively, provide the password by phone, directly to the intended receiver.
  4. Confirm with the user that the encrypted file has been received and decrypted.
  5. Use a new password each time an encrypted file must be sent via email again. Avoid using the same passwords for the same files.