MP.L2-3.8.6—Portable Storage Encryption
Level 2
800-171: 3.8.6
Control Description
Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for encrypting CUI on portable media?
- When are alternative physical safeguards acceptable instead of encryption?
- How do you ensure media encryption is properly implemented before transport?
- Who approves the use of alternative physical safeguards?
- What encryption standards are required for media protection?
Technical Implementation:
- What encryption technologies protect media during transport?
- What FIPS-validated encryption protects portable media?
- How do you verify media is encrypted before transport?
- What key management supports encrypted media?
- What tools verify encryption is properly applied to media?
Evidence & Documentation:
- What media protection policies and procedures can you provide?
- What media inventory and tracking records can you show?
- What sanitization certificates demonstrate proper media disposal?
- What transport documentation shows media accountability during transport?
- What evidence shows media is properly marked with CUI indicators?
- What encryption verification shows portable media is encrypted?
- What access logs show restricted access to media?