CMMC Practice MP.3.125: Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
CUI can be stored and transported on a variety of media like magnetic disks, tapes, USB drives, CD-ROMs, and so on. This makes digital CUI data very portable. The portability increases the chance that the media is lost. When identifying the paths CUI flows through your organization, identify devices to include in this practice.
To mitigate the risk of losing or exposing CUI, an organization should implement an encryption scheme to protect the data. Even if the media is lost, the fact that it is properly encrypted renders the data inaccessible to other people. When encryption is not an option, alternative physical safeguards should be applied during transport.