Overview:
Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
Action Items:
3.8.6[a]
Determine if: the confidentiality of CUI stored on digital media is protected during transport using cryptographic mechanisms or alternative physical safeguards.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1
Examine: System media protection policy; procedures addressing media transport; system design documentation; system security plan; system configuration settings and associated documentation; system media transport records; system audit logs and records; other relevant documents or records].
2
Interview: Personnel with system media transport responsibilities; personnel with information security responsibilities].
3
Test: Cryptographic mechanisms protecting information on digital media during transportation outside controlled areas].
Related Documents (document name and content will vary by organization):
1) System media protection policy
2) procedures addressing media transport
3) system design documentation
4) system security plan
5) system configuration settings and associated documentation
6) system media transport records
7) system audit logs and records
8) other relevant documents or records
Additional Guidance:
This requirement applies to portable storage devices (e.g., USB memory sticks, digital video disks, compact disks, external or removable hard disk drives) and mobile devices with storage capability (e.g., smart phones, tablets, and e-readers). NIST Special Publication 800-111 provides guidance on storage encryption technologies for end user devices. See NIST Cryptographic Standards.
Article ID: 174
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/nist-800-171-safeguarding-media-in-transit-3-8-6-174.html