How should SCI be stored and used on portable media?

Handling SCI on portable media requires strict control to prevent unauthorized access. The safest practice is to use only approved encrypted media or devices that have been specifically authorized for SCI handling, and to work within a SCIF or other approved secure area. Encryption protects data at rest, but the device itself is part of the security boundary; if the media is lost, stolen, or used outside a secure environment, the risk of exposure increases dramatically. A SCIF provides physical security, controlled access, monitoring, and procedures that ensure only cleared personnel can handle the material and that transport and storage are auditable. Personal devices and consumer cloud services are not suitable because they lie outside the controlled boundary, are more prone to compromise, and lack the required administrative controls. In practice, if you must move SCI, you follow the approved media, use approved encryption, ensure the device remains in a secure location, and adhere to the SCIF's transport and handling procedures.