Section 1252.239-84 - Media TransportAs prescribed in 1239.7204(i), insert a clause substantially as follows:
Media Transport (NOV 2022)
(a) The Contractor shall document activities associated with the transport of DOT information stored on digital and non-digital media and employ cryptographic mechanisms to protect the confidentiality and integrity of this information during transport outside of controlled areas. This applies to-(1) Digital media containing DOT or other Federal agency or other sensitive or third-party provided information that requires protection must be encrypted using FIPS 140-2 [Contracting Officer insert required encryption mode, based on FIPS 199 risk category] when transported outside of controlled areas; and(2) Nondigital media must be secured using the same policies and procedures as paper.(b) Contractors shall ensure accountability for media containing DOT or other Federal agency or other sensitive or third-party provided information that is transported outside of controlled areas. This can be accomplished through appropriate actions such as logging and a documented chain of custody form.(c) DOT or other Federal agency sensitive or third-party provided information that resides on mobile/portable devices (e.g., USB flash drives, external hard drives, and SD cards) must be encrypted using FIPS 140-2 [Contracting Officer insert the required encryption mode based on FIPS 199 risk category]. All Federal agency data residing on laptop computing devices must be protected with NIST-approved encryption software.(End of clause)