MP-5(4) — Cryptographic Protection

This enhancement requires cryptographic protection for media during transport. Encryption ensures that even if media is lost or stolen in transit, the data remains protected.

Example 1: Use BitLocker To Go to encrypt all USB drives before they leave your facility. For backup tapes, enable encryption at the backup software level (Veeam AES-256, Commvault encryption). Never transport unencrypted media containing sensitive data.

Example 2: For laptop transport, ensure BitLocker is enabled with pre-boot authentication. Use hardware-encrypted portable drives (FIPS 140-2 validated) for any data that needs to travel. Document the encryption method used on the media transport form.