CMMC Practice MP.L2-3.8.6

Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.

Bold Coast Security Guidance

We alluding to encrypting data as a key control for transporting media, and it is codified in this practice. Your organization should take into consideration all backup tapes, USB drives, and other forms of digital media. Be sure you are using FIPS 140-2 or 140-3 approved modules for your encryption. This may mean turning on "FIPS Mode" prior to enabling encryption. Laptops and other mobile devices are addressed in an Access Control practice, but the same thought process is going on here.

Discussion From Source

DRAFT NIST SP 800-171 R2 This requirement applies to portable storage devices (e.g., USB memory sticks, digital video disks, compact disks, external or removable hard disk drives).

References